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1. General 


1.1 Scope 


The System Description Video Content Protection System for the DVD+R/+RW Video Recording 
Format, in short VCPS, defines a method to prevent unauthorized copying and/or redistribution of 
video data that is recorded on VCPS-enabled DVD+R/+RW media in a VCPS-supported video 
recording format. The VCPS copy protection features are triggered by control information contained in 
video data incoming to a VCPS-enabled recorder. Copy protection is achieved by cryptographically 
binding the recorded video data to the physical media. For that purpose, VCPS-enabled video 
recorders as well as VCPS-enabled video players use licensable secrets and technologies. 


1.2 Main features 


Robust copy protection system that includes the following features: 

e Encryption of the recorded video data using strong cryptography (AES). 

e Randomly generated Unique ID to bind the recorded video data to the physical media. 

e Authorization of individual devices to provide recovery from potential security breaches. 

e Integrity protection of copy and redistribution control information contained in the recorded 
video data. 

e Compatibility of discs that support VCPS protected recordings with existing DVD+R/+RW 
equipment. ' 

e Low impact on design and manufacture of VCPS-enabled equipment and media. 


1.3 References and conformance 


All specifications in this document are mandatory, unless specifically indicated as recommended or 
optional or informative. In addition to the specifications provided in this document, VCPS also 
conforms to the applicable parts of the International Standards or System Descriptions listed below: 


CBC Recommendation for Block Cipher Modes of Operation: Methods and 
Techniques, NIST Special Publication 800-38A, December 2001. 

DVD+R System Description DVD+R 4.7 Gbytes, Basic Format Specifications. 

DVD+R DL System Description DVD+R 8.5 Gbytes, Basic Format Specifications. 

DVD+RW System Description DVD+RW 4.7 Gbytes, Basic Format Specifications. 

DVD+VR System Description DVD+RW, Video Format Specifications. 

DVD+VRR System Description DVD+R, Video Format Specifications. 

DVD-ROM DVD Specifications for Read-Only Disc, Part 1, Physical Specifications. 

DVD-Video DVD Specifications for Read-Only Disc, Part 3, Video Specifications. 

FIPS 140-1 Security Requirements for Cryptographic Modules, Federal Information 
Processing Standards Publication (FIPS PUB) 140-1. 

FIPS 197 Advanced Encryption Standard, Federal Information Processing Standards 
Publication (FIPS PUB) 197. 

ISO 646 Information technology — ISO 7-bit coded character set for information 
interchange, Ref. No. ISO/IEC 646:1991. 

MMC-4 SCSI Multi-Media Commands — 4 (T10/1545D). 





1 However, VCPS protected recordings do not play on existing DVD+R/+RW equipment. 
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1.4 Definitions 


ADIP 


AES 


AKB 


Application 


APS 


Audio Pack 


Authorization Key 


AV Pack 


AV Sector 


BP 


Buffer Zone 2 


Bus Key 


CBC 


CCI 


CGMS 


CDB 


Control Data Zone 


Data Frame 


Data Zone 


Version 1.34 


Address In Pre-groove. The addressing method used on a blank disc. See 
[DVD+RW], Section 14, Track format, and [DVD+R], Section 14, Track format, 
and [DVD+R DL], Section 14, Track format. 


Advanced Encryption Standard. The block cipher that is used for encryption 
and decryption. 


Application Key Block. An EKB structure that is embedded in an Application 
for the purpose of authenticating with a Drive. 


A software function or a hardware function that has the purpose of formatting 
or rendering Protected Video Recordings. 


Analog Protection System. A method of embedding copy management 
information in an analog video signal. 


A data structure containing audible data. See [DVD-Video], Section 5.2.4, 
Audio pack (A_PCK), and [DVD+VR], Section 3.4.3, IEC-60958 Audio packs 
(IEC_PCK). 


A cryptographic key that is carried by a leaf node of an EKB structure. 

A Video Pack, an Audio Pack, a Sub-Picture Pack, or a User Defined Pack. 
2048 Bytes of data according to the Protected Video Format. 

Byte Position. The location of a byte in a sequence of bytes. 


The last 512 sectors of the Lead-in on a DVD+R/+RW disc. See [DVD+RW], 
Section 17.12, Buffer Zone 2, and [DVD+R], Section 18.9, Buffer Zone 2, and 
[DVD+R DL], Section 18.9, Buffer Zone 2. 


A cryptographic key that is shared by an Application and a Drive as a result of 
the Drive to Application (Host) authentication protocol. 


Cipher Block Chaining. An encryption mode that is used for data exceeding 
the AES block size. 


Copy Control Information. A collection of status bits (such as APS, CGMS, 
and/or EPN) contained in video data that indicates if it is permitted to 
redistribute and/or make a copy of all or part of the video data. 


Copy Generation Management System. A method of embedding copy 
management information in a digital video signal. 


Command Descriptor Block. A data structure that contains a SCSI Multi-Media 
Command. 


An area on a DVD+R/+RW disc that contains Auxiliary information. See 
[DVD+RW], Section 17.11, Control Data Zone, and in [DVD+R], Section 18.8, 
Control Data Zone, and in [DVD+R DL], Section 18.8, Control Data Zone. 


The main data contained in a sector, extended with sector header data. See 
[DVD+RW], Section 13.1, Data Frames, and [DVD+R], Section 13.1, Data 
Frames, and [DVD+R DL], Section 13.1, Data Frames. 


An area on a DVD+R/+RW disc that contains one or more Protected Video 
Recordings, and optionally other data. See [DVD+RW], Section 18, Data 
Zone, and [DVD+R], Section 19, Data Zone, and [DVD+R DL], Section 19, 
Data Zone. 
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Device ID 


Disc 


Disc Key 


DKB 


Drive 


ECC Block 


EKB 


EPN 


General 


A 40-bit binary string that identifies a Player or a Recorder or a Drive. 


A DVD+R/+RW disc that indicates support for Protected Video Recordings. 
This indication is contained in the Physical Format Information. 


A cryptographic key that is obtained from hashing the Root Key and the 
Unique ID. The Disc Key is used to protect the Unique Key. 


Disc Key Block. An EKB structure contained on a Disc, which authorizes 
Players and Recorders to record or render Protected Video Recordings. 


A DVD+R/+RW playback or recording device that combines with a Host to 
form a Player or a Recorder. 


Error Correction Code Block. A sequence of 16 sectors for which an error 
correction mechanism is defined. See [DVD+RW], Section 13.3, ECC Blocks, 
and [DVD+R], Section 13.3, ECC Blocks, and [DVD+R DL], Section 13.3, 
ECC Blocks. 


Enabling Key Block. A data structure that authorizes VCPS system 
components. See also AKB and DKB. 


Encryption Plus Non-assertion. A method of embedding redistribution control 
data in a broadcast digital video signal. 


Extended Format Information 


Host 


Initial Zone 


Initialization Vector 1 


Initialization Vector 2 


Lead-in 


MAC 


Navigation Pack 


Node Key 


Physical Address 


Format information pertaining to VCPS that is contained on a blank Disc. The 
Extended Format Information is contained in the AUX bytes of the ADIP words 
in the Data Zone and/or in the Initial Zone in the main data channel. 


A general-purpose, open computing platform that contains an Application. 


The first part of the Lead-in on a DVD+RW disc; the first part of the Inner Drive 
Area on a DVD+R disc. See [DVD+RW], Section 17.1, Initial Zone, and 
[DVD+R], Section 17.1, Initial Zone, and [DVD+R DL], Section 17.1, Initial 
Zone. 


A 128-bit licensed constant that is used in CBC-mode encryption and 
decryption of AV Packs. 


A 128-bit licensed constant that is used in the Drive to Application (Host) 
authentication protocol. 


An area on a DVD+R/+RW disc that precedes the Data Zone. See 
[DVD+RW], Section 17, Lead-in Zone, and [DVD+R], Section 18, Lead-in 
Zone, and [DVD+R DL], Section 18, Lead-in Zone. 


Message Authentication Code. A cryptographic code that is used to verify that 
a message has not been tampered with. 


A data structure containing presentation control information, data search 
information, and real-time data information. See also [DVD-Video], Section 
5.2.2, Navigation pack (NV PCK), and [DVD+VR], Section 3.4.1, PCI GI 
Extension. 


One of a set of secret cryptographic keys that is associated with a Device ID. 
A Node Key is associated with a bit position of the Device ID. 


The address information in an ADIP word. See [DVD+RW], Section 14.4.1.1, 
ADIP word structure, and [DVD+R], Section 14.4.1.1, ADIP word structure, 
and [DVD+R DL], Section 14.4.1.1, ADIP word structure. 
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Physical Format Information 

Auxiliary information about the disc contained in the ADIP, as defined in 
[DVD+RW], Section 14.4.2, Physical format information in ADIP, and in 
[DVD+R], Section 14.4.2, Physical format information in ADIP, and in [DVD+R 
DL], Section 14.4.2, Physical format information in ADIP. Auxiliary information 
about the disc contained in the Control Data Zone, as defined in [DVD+RW], 
Section 17.11.1, Physical format information, and in [DVD+R], Section 18.8.1, 
Physical format information, and in [DVD+R DL], Section 18.8.1, Physical 
format information. 


Physical Sector Number. 
Bit O through 23 of the ID field of a Data Frame. See [DVD+RW], Section 
13.1.1, Identification Data (ID), and [DVD+R], Section 13.1.1, Identification 
Data (ID), and [DVD+R DL], Section 13.1.1, Identification Data (ID). 


Player A DVD+R/+RW video playback function capable of rendering video stored 
according to the Protected Video Format. A Player may consist of a 
Drive/Host combination. 


Program Key A cryptographic key that is used to compute the Sector Keys of a Protected 
Video Recording. Multiple Program Keys may be used within a single 
Protected Video Recording. 


Protected Video Format 
The data structures specified in [DVD-Video] plus [DVD+VR] plus optionally 
[DVD+VRR] plus this System Description VCPS. Alternatively, the data 
structures specified in [DVD-Video] plus this System Description VCPS. 


Protected Video Recording 
A recording of moving pictures, which is structured according to the Protected 
Video Format. 


Recorder A DVD+R/+RW video recording function capable of storing video according to 
the Protected Video Format. A Recorder is also a Player. A Recorder may 
consist of a Drive/Host combination. 


Root Key A cryptographic key, which is contained in an EKB structure in an encrypted 
form. 
Sector Key A cryptographic key that is used to encrypt the content of an individual sector 


that contains part of a Protected Video Recording. 


Sub-picture Pack A data structure containing still picture data. See also [DVD-Video], Section 
5.2.5, Sub-picture pack (SP. PCK). 


Unique ID A 40-bit binary string that identifies a Disc. 
Unique Key A cryptographic key that is used to protect the Program Key. 


User Defined Pack A data structure containing under defined data. See also [DVD+VR], Section 
3.4.2, User Defined pack (UD PCK). 


Video Pack A data structure containing moving picture data. See also [DVD-Video], 
Section 5.2.3, Video pack (V. PCK). 


VCPS The Video Content Protection System for the DVD+R/+RW Video Recording 
Format as described in the System Description VCPS (this document). 

VOBU Video Object Unit. See [DVD-Video], Section 5.1.1, Video Object Unit 
(VOBU). 
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1.5 Conventions 


1.5.1 Bit ordering 


The graphical representation of all multiple-bit quantities is such that the most significant bit (msb) is 
on the left, and the least significant bit (Isb) is on the right. Figure 1-1 defines the bit position in a byte. 


msb Isb 


[br | bs | bs | be | bs | ba | b, | bo | 


Figure 1-1: Bit ordering in a byte 





1.5.2 Byte numbering 


The bytes in a sequence of n bytes are located at byte positions 0..n— 1. Byte position O corresponds 
to the lowest address; byte position n— 1 corresponds to the highest address. 


1.5.3 Bit sequence 


In all places where a bit sequence is used, a most significant bit first notation is used. Bit sequences 
are enclosed between single quotes (^). 


1.5.4 Decimal notation 


All decimal values are preceded by a blank space or by the range indicator (..) when included in a 
range. The most significant digit is on the left; the least significant digit is on the right. 


1.5.5 Hexadecimal notation 


Unless indicated otherwise, all hexadecimal values are preceded by "Ox". The most significant nibble 
is on the left; the least significant nibble is on the right. 


1.6 Operators 


1.6.1 Range indicator 


The symbol “..” indicates a range of integer values. The difference between each adjacent pair of 


values in the range is 1. Both the values represented by the left-hand operand and the right-hand 
operand are included in the range. 


1.6.2 Bit string concatenation 


The symbol “||” indicates concatenation of two bit strings. In the resulting bit string, the most significant 
bit of the right-hand operand directly follows the least significant bit of the left-hand operand. 


1.6.3 Bit wise exclusive-OR 
The symbol “®” indicates a bit wise exclusive-OR operation of its left-hand and right-hand operands. 


1.6.4 Addition 
The symbol “+” indicates addition of its left-hand and right-hand operands. 


1.6.5 Multiplication 
The symbol “*” indicates multiplication of its left-hand and right-hand operands. 


1.6.6 Division 


The symbol “/” indicates integer division of its left-hand operand (the dividend) and its right-hand 
operand (the divisor). Any fractional result shall be truncated towards zero. 
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2. System Overview (Informative) 


2.1 General 


VCPS defines a method for preventing unauthorized copying and/or redistribution of video data that is 
recorded in the DVD+R/+RW video recording format. For the purposes of VCPS, there are two forms 
of the DVD+R/+RW video recording format. The first form consists of the data structures specified in 
[DVD-Video] plus [DVD+VR] plus optionally [DVD+VRR], which are optimized for real-time recording 
on DVD+R/+RW media. The second form consists of the data structures specified in [DVD-Video], 
which are more suitable for off-line recording (e.g., through a large buffer on a hard disk). Examples of 
video data that require the use of the VCPS copy protection features are the following: 

e Video data asserting that only one generation of copies is permitted. Such video data typically 
reaches a Recorder through a protected channel, such as DTCP (Digital Transmission 
Content Protection; for more information see http://www.dtcp.com). 

e Publicly broadcast television signals asserting that redistribution is not authorized. 

Usage of the VCPS copy protection features requires special DVD+R/+RW discs. Such special discs 
are fully compatible with DVD+R/+RW players and recorders that do not implement VCPS. 


At the basis of the VCPS copy protection features is encryption of the recorded video data using 
strong cryptography. VCPS uses a standard cipher (AES) that has a 128-bit key. Every 2048-byte 
sector on a Disc that contains protected video data is encrypted using its own unique Sector Key. For 
convenient navigation in a Protected Video Recording, the first 128 byes of a sector containing video 
header information are not encrypted. 

Encryption of the video data is not sufficient to prevent copying. For this purpose, a Recorder 
randomly generates a 40-bit Unique ID, which uniquely identifies a Disc. The Recorder stores this 
Unique ID on the Disc in a location so as to minimize the risk that DVD+R/+RW recorders that do not 
implement VCPS overwrite the Unique ID. The function of the Unique ID is to bind the Protected Video 
Recording to the physical media. For that purpose, the Unique ID serves as an ingredient for the 
calculation of the Sector Keys. This ensures that decryption can be performed only if the Protected 
Video Recording is read from the Disc used for the original recording. 

As with any system that uses cryptography to protect information, VCPS relies on a number of secret 
keys. Each Player/Recorder contains a set of so-called Node Keys KN. All stand-alone 
Players/Recorders contain a unique set of Node Keys KN. Combined with a Disc Key Block (DKB), the 
set of Node Keys KN serves as another ingredient to the calculation of the Sector Keys. The DKB 
authorizes individual Players/Recorders or groups of Players/Recorders to render or record Protevted 
Video Recordings. Players/Recorders are authorized only if they are able to successfully decode the 
DKB using the set of Node Keys KN. In the event that one or more Node Keys KN become public 
knowledge, the DKB will be modified so as to remove the authorization of the Player(s)/Recorder(s) 
that use those Node Keys KN. This means that those Player(s)/Recorder(s) cannot use Discs that 
contain the modified DKB to render or record Protected Video Recordings. Recording or rendering of 
unencrypted video data remains possible at all times. 

The DKB is stored in the ADIP and/or is pre-recorded on the Disc. It is the responsibility of the 
Recorder to copy the DKB to a location on the Disc that is accessible to Players. In order to prevent 
tampering with the DKB, the Recorder must check the copied DKB using the DKB hash value that is 
stored in the ADIP. 

The Protected Video Recording typically contains Copy Control Information (CCl) in the (unencrypted) 
portion of a sector. To prevent tampering with the CCI, Navigation Packs in the Protected Video 
Recording contain an encrypted copy of the CCI. A Player must check the consistency of the 
unencrypted CCI and the encrypted copy of the CCI. In case of an inconsistency, the Player must 
apply the most restrictive copy of the CCl while decrypting and rendering the Protected Video 
Recording. 
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2.2 Computer environments 


In a computer environment, a Player/Recorder consists of a Drive and a software Application. In this 
combination, the software Application calculates the Sector Keys and handles decryption/encryption of 
the video data. For this purpose, the software Application contains a set of Node Keys KN. Unlike in 
stand-alone Players/Recorders, individual installations of a software Application may contain the same 
set of Node Keys KN,. In addition, the software Application handles the integrity protection of the CCI 
provided by the encrypted copy of the CCI in the Navigation Packs. The Drive generates the Unique 
ID and stores the Unique ID on the Disc. In addition, a Drive that has recording functionality reads the 
DKB hash value from the ADIP, and writes the DKB to a location that is accessible for a Drive that has 
playback-only functionality (Buffer Zone 2 in the Lead-in). 

In order to calculate the Sector Keys, the software Application must retrieve both the Unique ID and 
the DKB hash value after authenticating the Drive. For this purpose, software Applications contain a 
built-in Application Key Block (AKB) and its Root Key KRautn, while Drives contain a set of Node Keys 
KN,. As part of the authentication protocol, the Drive decodes the Root Key KRau from the AKB using 
its Node Keys KNg. Only if both the Application and the Drive are authorized, the authentication 
protocol results in a so-called Bus Key KB. The Bus Key KB is used to encrypt the Unique ID and the 
DKB hash value, over the interface between the Drive and the software Application. This ensures that 
the software Application obtains the Unique ID and the DKB hash value from the physical media, i.e. 
the Disc. The significance thereof is that the software Application ensures that encrypted video data is 
bound to that particular Disc. 
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3. Cryptographic Functions 


3.1 Encryption algorithm 


The encryption algorithm shall be AES, as specified in [FIPS 197] in 128-bit key mode. Figure 3-1 
schematically shows AES encryption. 


k | AES 
encrypt 


C 


Figure 3-1: AES encryption 


Encryption is denoted as c = AESEncrypt(k, m), where k is a 128-bit key, and m is the 128-bit plain 
text block to be encrypted. The result is a 128-bit cipher text block c. 


3.1.1 CBC-mode encryption 


Figure 3-2 shows Cipher Block Chaining (CBC) mode encryption of multiple plain text blocks, as 
specified in [CBC]. All data paths shown in Figure 3-2 are 128 bits wide. 






AES 
encrypt 










AES 
encrypt 


encrypt 





C C; Clast 


Figure 3-2: CBC-mode encryption 


CBC-mode encryption is denoted as c = AESCBCEncrypt(k, iv, m), where k is a 128-bit key, ¡vis a 
128-bit initialization vector, and m is a sequence of two or more consecutive 128-bit plain text blocks 
m; i= 1..last. The result is a sequence c of consecutive cipher text blocks cj, i= 1..last, which shall be 
calculated from the equations 


Co = IV; 
c; = AESEncrypt(k, m;® c;- 4), i= 1..last. 


© Royal Philips Electronics, April 2006 9 


System Description VCPS 
Video Content Protection System for the DVD+R/+RW Video Recording Format 
Cryptographic Functions Version 1.34 


3.2 Decryption algorithm 


The decryption algorithm shall be AES, as specified in [FIPS 197] in 128-bit key mode. Figure 3-3 
schematically shows AES decryption. 


AES 
K | decrypt 


m 


Figure 3-3: AES decryption 


Decryption is denoted as m = AESDecrypt(k, c), where k is a 128-bit key, and c is the 128-bit cipher 
text block to be decrypted. The result is a 128-bit plain text block m. 


3.2.4 CBC-mode decryption 


Figure 3-4 shows CBC-mode decryption of multiple cipher text blocks, as specified in [CBC]. All data 
paths shown in Figure 3-4 are 128 bits wide. 


C Cy Clast 














AES 
decrypt 


AES 
decrypt 


AES 
decrypt 





m, m, 


Figure 3-4: CBC-mode decryption 


CBC-mode decryption is denoted as m = AESCBCDecrypt(k, iv, c), where k is a 128-bit key, iv is a 
128-bit initialization vector, and c is a sequence of two or more consecutive 128-bit cipher text blocks 
Cj i= 1..last. The result is a sequence m of consecutive plain text block mj; i= 1..last, which shall be 
calculated from the equations 


Co = IV; 
m; = AESDecrypt(k, cj) 8 C;- 4, i= 1..last. 
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3.3 Hash algorithm 
Figure 3-5 shows the hash algorithm. All data paths shown in Figure 3-5 are 128 bits wide. 


m, m»; Mast 














AES 
encrypt 


AES 
encrypt 


AES 
encrypt 














Figure 3-5: Hash function 


Hashing is denoted as h = AESHash(m), where m is a sequence of 17 or more bytes. The sequence 
m shall be padded at the end by the shortest amount of zeros (bytes of value 0x00), such that m 
consists of two or more consecutive 128-bit blocks mj, i= 0..last. The result is a single 128-bit value h, 
which shall be calculated from the equations 


h, = AESEncrypt(mo, m4) ® m; 
h¡= AESEncrypt(h;_ 1, m) 6 m, i= 2..last — 1; 
h = AESEncrypt(Aast- 1, Mast) O Mast- 


All intermediate values h; shall be discarded. 


3.4 Random number generator 
Figure 3-6 schematically shows the random number generator. 


RNG 


Figure 3-6: Random number generator 


The random number generator shall either be a true random number generator, or a pseudo-random 
number generator that passes the Monobit Test and the Poker Test and the Runs Test and the Long 
Run Test defined in [FIPS 140-1], Section 4.11.1. 
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4. Content Encryption and Decryption 


4.1 Overview (normative) 


Figure 4-1 provides a schematic diagram of the encryption and decryption system for Protected Video 
Recordings. The dotted box on the left part of Figure 4-1 shows the encryption and decryption steps 
that a Recorder shall execute in the case that the Disc already contains one or more Protected Video 
Recordings. Section 4.2.1 provides a detailed explanation of these steps as well as the additional 
steps that a Recorder shall execute in order to make the first Protected Video Recording on a blank 
Disc. The shaded oval in the center part of Figure 4-1 represents the Disc containing the data that is 
required to execute the encryption and decryption steps. The dotted box on the right part of Figure 4-1 
shows the decryption steps that a Player shall execute. Section 4.3.1 provides a detailed explanation 
of these steps. Unless indicated otherwise, all data paths in Figure 4-1 are 128 bits wide. A Player as 
well as a Recorder contain a 40-bit Device ID and set of 40 Node Keys KN (see Section 5). The size 
of the DKB is N bytes (see Section 5.4). 


Recording Playback 


ain : >> AA | 
B 2048 | 128. i E H1 i 
i| AVPack ZLI AES CBC- p| Encrypted | i | 2%) AES CBC- AVPack ! 
E encrypt i AV sector E decrypt 






































BP 80.95 i I BP 80.95 
Hash : — Hash [— 
KS i KS 
oe AES | Encrypted | | AES 
KP encrypt d KP E decrypt | KP 
AES : | Encrypted AES 
KU | decrypt i KU B decrypt | ku 
KD H E $ KD 
40 bits Vane 140 bits : 
E Hash : d : Hash E 
: : ID E 
l Device ID 40 + 40 -128 bits Protoss N bytes! Bae iN bytes Process 40 + 40 -128 bits Device ID l 
i | Node Keys DKB d i DKB Node Keys | | 


Figure 4-1: Schematic diagram of the key hierarchy 
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4.2 Recording 


4.2.1 Encryption system 


This Section 4.2.1 provides an explanation of the encryption steps that a Recorder shall execute to 
make a Protected Video Recording. 


DKB. The Recorder shall ensure that Buffer Zone 2 contains a valid copy of the DKB. See also 
Section 5 and Section 6.3.4. For this purpose, the Recorder shall execute one of the following three 
actions: 

e Copy the DKB from the Data Zone ADIP to Buffer Zone 2. See also Section 6.2.2. 

e Copy the DKB from the Initial Zone to Buffer Zone 2. See also Section 6.3.2. Calculate 


DKB Hash = AESHash(DKB), 


where DKB is retrieved from Buffer Zone 2. Verify that DKB Hash is equal to the DKB hash 
value contained in the Data Zone ADIP (see Section 6.2.3). If DKB Hash is not equal to the 
DKB hash value contained in the Data Zone ADIP, the Recorder shall inform the user that 
Protected Video Recordings are not possible on this Disc. 

e Calculate 


DKB Hash = AESHash(DKB), 


where DKB is retrieved from Buffer Zone 2. Verify that DKB Hash is equal to the DKB hash 
value contained in the Data Zone ADIP (see Section 6.2.3). If DKB Hash is not equal to the 
DKB hash value contained in the Data Zone ADIP, the Recorder shall inform the user that 
Protected Video Recordings are not possible on this Disc. 


Root Key KR. The Recorder shall process the DKB using its Device ID and Node Keys KN (see 
Section 5.2). If the Recorder is authorized to make Protected Video Recordings on the Disc, 
processing of the DKB yields the 128-bit Root Key KR. 


Unique ID. The Recorder shall ensure that Buffer Zone 2 contains a valid Unique ID. For this purpose, 
the Recorder shall execute either of the following two actions: 
e Generate a non-zero 40-bit Unique ID using a random number generator. The Recorder shall 
store the generated Unique ID in all Data Frames in Buffer Zone 2 that contain the DKB (see 
also Section 6.3.3). 
e Read the Unique ID from Buffer Zone 2, and verify that the Unique ID is non-zero. If all bits of 
the Unique ID are zero, the Recorder shall not make a Protected Recording on the Disc. 


Disc Key KD. Using the Root Key KR and the Unique ID, the Recorder shall compute a 128-bit Disc 
Key KD as follows: 


KD = AESHash(KR || Unique ID).? 


Unique Key KU. When using a Disc that does not contain Protected Video Recordings, the Recorder 
shall generate a 128-bit Unique Key KU using a random number generator (RNG). The Recorder shall 
use the Disc Key KD to encrypt the Unique Key KU as follows: 


encrypted KU = AESEncrypt(KD, KU). 


The Recorder shall store the encrypted Unique Key KU on the Disc (see also Section 6.4.2.1). 

When using a Disc that contains one or more Protected Video Recordings, the Recorder shall retrieve 
the encrypted Unique Key KU from the Disc (see also Section 6.4.2.1). Next, the Recorder shall use 
the Disc Key KD to decrypt the encrypted Unique Key KU as follows: 


KU = AESDecrypt(KD, encrypted KU). 





? Note that the input string KR || Unique ID to hash algorithm consists of 168 bits. The hash algorithm 
expands this input string to 256 bits prior to calculating the hash value (see Section 3.3). 
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Program Key KP. The Recorder shall generate a 128-bit Program Key KP using a random number 
generator (RNG). The Recorder shall generate a new Program Key KP: 

e ifthe Recorder starts a new video recording according to the Protected Video Format; or 

e within 32 MB of AV Pack data after the CCI status of the incoming video data changes (see 

also Section 4.2.2); or 

e whenever the Recorder deems necessary. 
Notwithstanding the above conditions, the Recorder shall not change the Program Key KP more often 
than once every 10 seconds of real time video. 
The Recorder shall use the Unique Key KU to encrypt the Program Key KP as follows: 


encrypted KP = AESEncrypt(KU, KP). 


The Recorder shall store the encrypted Program Key KP on the Disc (see also Section 6.4.1). 


Sector Key KS. The Recorder shall use the Program Key KP to compute a 128-bit Sector Key KS as 
follows: 


KS = AESHash(KP || BP 80..95). 


Here BP 80..95 represents byte positions 80 through 95 (128 bits) of the unencrypted 2048-byte AV 
Sector. 


AV Pack. The Recorder shall encrypt all AV Packs in the Protected Video Recording (see Section 
4.2.2). The Recorder shall use the PES Scrambling Control field in the first packet header in the AV 
Pack to indicate that the AV Pack stored on the Disc is encrypted (see Section 6.4.3). In addition, the 
Recorder shall set the Stream ID field in the first packet header in the encrypted AV Pack to the value 
specified in Section 6.4.3.? The Recorder shall use the Sector Key KS to encrypt the selected AV 
Pack as follows: 


encrypted AV Sector = BP 0..127 || AESCBCEncrypt(KS, IV1, BP 128..2047). 


Here BP 0..127 represents byte positions 0 through 127 (128 bytes) of the unencrypted AV Pack. The 
Recorder shall not encrypt these bytes. BP 128..2047 (1920 bytes) represents byte positions 128 
through 2047 of the unencrypted AV Pack. The Recorder shall encrypt these bytes in CBC mode. The 
initialization vector IV1 is a 128-bit licensed constant. 


4.2.2 Copy Control Information insertion 


Copy Control Information shall be inserted into the Protected Video Recording according to the 
compliance rules given in the “VCPS Content Protection Agreement.” 





? This avoids playback problems on video players that do not support VCPS protected recordings. 
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4.3.1 Decryption system 


This Section 4.3.1 provides an explanation of the decryption steps that a Player shall execute to 
render a Protected Video Recording. 


Root Key KR. The Player shall process the DKB using its Device ID and Node Keys KN (see Section 
5.2). If the Player is authorized to render Protected Video Recordings that are contained on the Disc, 
processing of the DKB yields the 128-bit Root Key KR. 


Disc Key KD. Using the Root Key KR and the Unique ID, the Player shall compute a 128-bit Disc Key 
KD as follows: 


KD = AESHash(kR || Unique ID). 


Unique Key KU. The Player shall retrieve the encrypted Unique Key KU from the Disc (see also 
Section 6.4.2.1). Next, the Player shall use the Disc Key KD to decrypt the encrypted Unique Key KU 
as follows: 


KU = AESDecrypt(KD, encrypted KU). 
The size of the Unique Key KU is 128 bits. 


Program Key KP. The Player shall use the Unique Key KU to decrypt the encrypted Program Key KP 
as follows: 


KP = AESDecrypt(KU, encrypted KP). 
The size of the Program Key KP is 128 bits. 


Sector Key KS. The Player shall read a sector from the Disc. If the sector is encrypted (see also 
Section 6.4.3), the Player shall use the Program Key KP to obtain a 128 bit Sector Key KS as follows: 


KS = AESHash(KP || BP 80..95). 
Here BP 80..95 represents byte positions 80 through 95 (128 bits) of the encrypted AV Sector. 


AV Pack. If the AV Pack in a sector is encrypted (see also Section 6.4.3), the Player shall use the 
Sector Key to decrypt the AV Pack as follows: 


AV Pack = BP 0..127 || AESCBCDecrypt(KS, IV1, BP 128..2047). 


Here BP 0..127 represents byte positions 0 through 127 (128 bytes) of the encrypted AV Sector. The 
Player shall not decrypt these bytes. BP 128..2047 (1920 bytes) represent byte positions 128 through 
2047 of the encrypted AV Sector. The Player shall decrypt these bytes in CBC mode. The initialization 
vector IV1 is a 128-bit licensed constant. After decryption, the Player may change the PES Scrambling 
Control field and the Stream ID field to values defined for plain text AV Packs (see Section 6.4.3). 


4.3.2 Copy Control Information verification 


While rendering a Protected Video Recording, the Player shall check that the CCI bits (see [DVD- 
Video] and [DVD+VR]) in the Protected Video Recording are consistent. If the CCI bits are not 
consistent, the Player shall use the most restrictive of the CCI bits while rendering the Protected Video 
Recording. In addition, the Player shall check that the CCI MAC contained in the Navigation Packs of 
the Protected Video Recording (see also Section 6.4.1) is correct and consistent with the unencrypted 
CCI in the Navigation Pack. If the CCI MAC is not correct and/or not consistent with the unencrypted 
CCI in the Navigation Pack, the Player shall use the most restrictive of the unencrypted CCI bits and 
the copy of the unencrypted CCI bits in the CCI MAC, while rendering the Protected Video Recording. 
Otherwise, the Player shall continue rendering of the Protected Video Recording. Note that the CCl 
MAC shall be deemed not correct if the Signature field of CCI Digest does not contain the value 
specified in Section 6.4.1. The Player shall obtain CCI Digest from the CCI MAC as follows: 


CCI Digest = AESDecrypt(KP, CCI MAC). 
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5. Enabling Key Block 


5.1 Overview (informative) 


The Enabling Key Block (EKB) authorizes Players and Recorders to process encrypted content. 
Authorized Players and Recorders process the EKB to obtain the Root Key KR. Unauthorized, or 
revoked, Players and Recorders cannot obtain the Root Key KR from the EKB. The EKB is based on 
the broadcast encryption mechanism that is described in C.K. Wong, M. Gouda, S.S. Lam, Secure 
Group Communications Using Key Graphs, Technical Report TR 97-23, The University of Texas at 
Austin, July 1997, and in D.M. Wallner, E.J. Harder, and R.C. Agee, Key Management for Multicast: 
Issues and Architectures, Request For Comments 2627, June 1999. 


5.2 Tree tracing 


The EKB contains a representation of a binary tree structure. Figure 5-1 shows an example of the top 
part of such a tree structure. The white circles and the gray circles represent the nodes of the tree. 
The black circle represents the root node of the tree. The node directly above a node is called its 
parent. A node directly below a node is called its child. The two nodes that have the same parent are 
called siblings. A node that does not have any children is called a leaf. All nodes that are on the 
(single) path from a node up to the root are called its ancestors. All nodes that are on the (multiple) 
paths from a node down to the leaf nodes are called its descendants. The tree that is formed by a 
node and all of its descendants is called a sub-tree. In Figure 5-1 the white circles represent leaf 
nodes, and the gray circles represent parent nodes. The root node is at level 0 in the tree. The child 
nodes of a node at level nin the tree are at level n+ 1 in the tree. The EKB contains the root node and 
at least one leaf node. 





Figure 5-1: Example of the top part of an EKB tree 


The nodes of the EKB tree contain the following information: a three-bit tag, and optionally an 
Authorization Key KA. 

The tags describe the tree structure. Each node carries a tag. In Figure 5-1, the underlined bit 
sequences left to each node indicate the tags. The tag bits have the following meaning: The leftmost 
tag bit is set to ‘1’ if the node is the root node or a leaf node; otherwise the leftmost tag bit is set to ‘0’. 
The center tag bit is set to ‘0’ if the node has a left-hand child; otherwise the center tag bit is set to ‘1’. 
Likewise, the rightmost tag bit is set to ‘0’ if the node has a right-hand child; otherwise the rightmost 
tag bit is set to ‘1’. 

The Authorization Keys KA consist of the Root Key KR decrypted with the appropriate Node Keys KN 
(see below). Each leaf node carries a unique Authorization Key KA. Parent nodes do not carry an 
Authorization Key KA. In Figure 5-1, KA, indicate the Authorization Keys. In this notation, the subscript 
x is a bit string that matches the most significant bits of one or more Device IDs (see below). 
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Players and Recorders are identified using a 40-bit Device ID. Each bit of the Device ID has an 
associated Node Key KN. The Node Key KN, that is associated with bit 0 of a Device ID is unique for 
that particular Device ID. The Node Key KN, that is associated with bit 1 of a Device ID is shared by 
two Device IDs (namely the Device IDs that become identical if bit O of those Device IDs is discarded). 
The Node Key KN) is shared by four Device IDs (namely the Device IDs become are identical if bit O 
and bit 1 of those Device IDs are discarded). In general, the Node Key KN; is shared by 2’ Device IDs 
(namely the Device IDs that become identical if bits 0..j— 1 of those Device IDs are discarded). 


Each Device ID is associated with a single leaf node in the EKB tree. Multiple Device IDs may be 
associated with a single leaf node. The following algorithm determines the leaf node that a Device ID 
is associated with: 
e Start at the root node. 
e For the appropriate number of Device ID bits, working from the most significant bit (bit 39) 
towards the least significant bit (bit 0), repeat the following steps in the order of appearance: 

e Ifthe Device ID bit is a ‘0’, proceed to the left-hand child node. If the left-hand child node 
does not exist, the Player or Recorder is not authorized. Further processing of the EKB 
will not yield the correct Root Key KR. 

e |f the Device ID bit is a ‘1’, proceed to the right-hand child node. If the right-hand child 
node does not exist, the Player or Recorder is not authorized. Further processing of the 
EKB will not yield the correct Root Key KR. 

e Stop if the node reached in the previous two steps is a leaf node. 


The Player or Recorder shall use the Authorization Key KA, which is placed on the leaf node found by 
the above algorithm, to obtain the Root Key KR as follows: 


KR = AESEncrypt(KN, KA,). 


In this notation, KN; is the Node Key that is associated with bit position j of the Device ID, where j is 
the position of the Device ID bit last used for branching in the above leaf finding algorithm. KA, is the 
Authorization Key that is placed on the leaf node found by the leaf finding algorithm. Note that the 
subscript x (a bit string of length 40 — /) matches the most significant bits of the Device ID processed 
by the leaf finding algorithm and represents the path taken through the EKB. 


See also Annex C for a few detailed examples. 


5.3 EKB usage 


A Player and a Recorder that does not consist of a Drive/Host combination shall contain a single 
Device ID as well as an associated set of Node Keys KN. The Device ID uniquely identifies that Player 
or Recorder. The set of Node Keys KN is unique for that Player or Recorder and coupled to the Device 
ID. The Player or Recorder shall use the set of Node Keys KN to decode the Disc Key Block (DKB) for 
content encryption and decryption (see Section 4). 

A Drive shall contain a single Device ID, as well as an associated set of Node Keys KNg. The Device 
ID4 uniquely identifies that Drive. The set of Node Keys KN, is unique for that Drive and coupled to the 
Device ID,. The Drive shall use the set of Node Keys KN, to decode the Application Key Block (AKB) 
for authentication with an Application (see Section 7). 

An Application shall contain a single Device ID, as well as an associated set of Node Keys KN,. The 
Device ID, may be identical in all installations of a software Application. The set of Node Keys KN, 
may be identical in all installations of a software Application (the set of Node Keys KN, is coupled to 
the Device ID). The Device ID, shall be unique in all hardware Applications. The set of Node Keys 
KN; is unique in all hardware Applications and coupled to the Device ID}. The Application shall use the 
set of Node Keys KN, to decode the DKB for content encryption and decryption (see Section 4) as 
well as to decode the AKB for authentication with a Drive (see Section 7). 
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5.4 EKB format 


The EKB consists of three parts, namely a header part that includes fields for identification and 
verification purposes; a tag part that contains the tags that describe the EKB tree structure; and a key 
part that contains the Authorization Keys KA. Table 5-1 defines the format of the EKB. The header 
part extends from byte O through byte 287. The tag part extends from byte 288 through byte M — 1 
(see below for the definition of M). The key part extends from byte M through the end of the EKB (byte 
N — 1; see below for the definition of N). 


Bit 
FERRE e e a e ea a tcd on 
pO 


(msb) 
EKB Signature 





(msb) 
EKB Size 





Sequence Number 





Key Check Data 





AJo —|-— -à | =à 


Authentication Data 





Reserved 


Tag Count 
Tag #2 




















Padding 


Authorization Key #1 





Authorization Key #2 





168 

[lae SS] 

| 287 | 

| 288 | 
M-1 


z 
l 





Table 5-1: EKB format 


EKB Signature. EKB Signature shall be set to 0x564350535F454B42 (the encoding of the characters 
"VCPS EKP" according to [ISO 646]). 


EKB Size. The size in bytes of the EKB (equal to N). The maximum size of the EKB is 448 kB. 
Sequence Number. EKBs are issued as an ordered series. Each time the authorization of one or 


more Players and/or Recorders are removed, i.e. revoked, the Sequence Number of the EKB is 
incremented by one. The EKB that authorizes all Players and Recorders has Sequence Number 1. 
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Key Check Data. A Player and/or a Recorder may verify the correctness of the Root Key KR obtained 
from the EKB (according to the algorithm defined in Section 5.2) by executing the following steps 

e Encrypt bytes 24..39 of the EKB (i.e. the 16 least significant bytes of Key Check Data) using 
the Root Key KR. 

e |f bytes 8..11 of the resulting encrypted block contain a copy of the Sequence Number, the 
Root Key KR is correct. Otherwise, the Root Key KR is not correct. In that case the Player or 
Recorder is not authorized. Note that a Player and/or a Recorder shall ignore bytes 0..7 and 
bytes 12..15 of the encrypted block. 

A Player and/or a Recorder shall ignore bytes 16..23 of the EKB. 


Authentication Data. Players and Recorders shall ignore this field. 
Reserved. All reserved bytes are set to 0x00. 


Tag Count. The tag part contains the (three-bit) tags carried by the nodes of the EKB tree. The Tag 
Count field contains the number of tags that follow in the remainder of the tag part. The tags are 
packed into bytes as shown in Table 5-1. If necessary, the last byte of the tag part is padded with 
zeros. The position M — 1 of the last byte of the tag part is calculated using the equation 


M — 1 = 289 + (Tag Count * 3 + 7)/8. 


The tags are stored in a left-to-right, top-down structure, i.e. the tag of the root node comes first, then 
the tag(s) of the nodes at level 1, subsequently the tag(s) of the nodes at level 2, and so on, down to 
the tag(s) of the nodes at the lowest level. 


Tag #n. The leftmost tag bit is set to ‘1’ if the node is the root node or a leaf node; otherwise the 
leftmost tag bit is set to ‘0’. The center tag bit is set to ‘1’ if the node does not have a left-hand child; 
otherwise the center tag bit is set to ‘0’. The rightmost tag bit is set to ‘1’ if the node does not have a 
right-hand child; otherwise the rightmost tag bit is set to ‘0’. 


Padding. If necessary, padding bits are inserted to complete the last byte of the tag part. All padding 
bits are set to ‘0’. 


Authorization Key #n. The key part contains the Authorization Keys KA carried by the leaf nodes of 
the EKB tree. The Authorization Keys KA are stored in a left-to-right, top-down structure, i.e. the 
Authorization Key(s) KA of level 1 come first, then the Authorization Key(s) KA of level 2, and so on, 
down to the Authorization Key(s) KA of the last level. The number of Authorization Keys KA contained 
in the key part is one less than the number of tags that have the leftmost tag bit set to ‘1’ (because the 
root node does not carry an Authorization Key KA). 
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6. Disc Format 


6.1 Overview (informative) 


The underlying physical format of the Disc is according to [DVD+RW] or [DVD+R] or [DVD+R DL]. The 
System Description VCPS provides extensions to this underlying physical format in three areas, 
namely the ADIP, the Lead-in, and the Data Zone. 


6.2 ADIP 


This Section 6.2 provides extensions to [DVD+RW], Section 14.4.2.1, General Information — Bytes 0 to 
31, and to [DVD+R], Section 14.4.2.1, General Information — Bytes 0 to 31, and to [DVD+R DL], 
Section 14.4.2.1, General Information — Bytes O to 31. 

In addition, this Section 6.2 defines VCPS Extended Format Information. Extended Format Information 
is not defined in the current versions of [DVD+RW], [DVD+R], and [DVD+R DL], but will be included in 
an upcoming release of the DVD+R/+RW basic format specifications. See also Annex F. 

VCPS defines two data blocks that shall occur in the Extended Format Information: A Disc shall 
contain one or more regions that contain the DKB (see Section 6.2.2). In addition, a Disc shall contain 
one or more regions that contain the DKB hash value (see Section 6.2.3). 


6.2.1  VCPS bits 


Bit 6 in byte 16 of the Physical Format Information in the ADIP shall indicate if the Extended Format 
Information contains VCPS related information. This bit shall be set as follows: 


‘0’: The Extended Format Information does not contain VCPS related information. 
la The Extended Format Information contains VCPS related information, as specified in 
Section 6.2.2 and Section 6.2.3. 


Bit 5 in byte 16 of the Physical Format Information in the ADIP shall be set to ‘0’. 


6.2.2 DKB region descriptor 


The EFI TOC on a Disc shall contain one or more DKB region descriptors. A DKB region that is 
contained in the AUX bytes of the ADIP in the Data Zone shall contain one or more consecutive 
copies of the DKB as defined in Table 6-1. For the format of a DKB region that is contained in the 
main data channel see Section 6.3.2.The following fields of the DKB region descriptor shall have the 
values specified: The Region Type Identifier shall be set to 0x444B42 (the encoding of the characters 
“DKB” according to [ISO 646]); the Version Number shall be set to 0x00; the Extent bit shall be set to 
‘0’; and the Private bit shall be set to ‘0’. 





Table 6-1: DKB region 


DKB £n. An EKB structure as defined in Section 5.4. N is the size of the DKB (in bytes), as defined in 
Table 5-1. The number n of copies of the DKB contained in the DKB region is contained in the 
corresponding Region Descriptor. 
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6.2.3 Hash region descriptor 

The EFI TOC on a Disc shall contain one or more hash region descriptors. A hash region shall contain 
one or more consecutive copies of the hash of the DKB, as defined in Table 6-2. The hash region shall 
be stored in the AUX data bytes of the ADIP in the Data Zone. The following fields of the hash region 
descriptor shall have the values specified: The Region Type Identifier shall be set to 0x485348 (the 
encoding of the characters “HSH” according to [ISO 646]); the Version Number shall be set to 0x00; 
the Extent bit shall be set to ‘0’; the Data Block Size shall be set to 16; the Private bit shall be set to 
‘0’; and the Alternative Location shall be set to zero. 


Bit 
BM 


DKB Hash #1 


DKB Hash #n 





Table 6-2: Hash region 
DKB Hash #n. The hash value of the DKB calculated as 
DKB Hash = AESHash(DKB), 


where DKB is the EKB structure as defined in Table 5-1. The number n of copies of the DKB Hash 
contained in the hash region is contained in the corresponding Region Descriptor. 


6.3 Lead-in / Inner Drive Area 

This Section 6.3 provides extensions to [DVD+RW], Section 13.1.3, RSV, Section 17.1, Initial Zone, 
Section 17.11.1, Physical format information, and Section 17.12, Buffer Zone 2, and to [DVD+R], 
Section 13.1.3, RSV, Section 17.1, Initial Zone, Section 18.8.1, Physical format information, and 
Section 18.9, Buffer Zone 2, and to [DVD+R DL], Section 13.1.3, RSV, Section 17.1, Initial Zone, 
Section 18.8.1, Physical format information, and Section 18.9, Buffer Zone 2. 
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6.3.1 VCPS bits 


Bit 6 in byte 16 of the Physical Format Information in the Control Data Zone shall indicate if the 
Extended Format Information in the ADIP contains VCPS related information. This bit shall be set as 
follows: 


‘0’: The Extended Format Information does not contain VCPS related information. 
ies The Extended Format Information contains VCPS related information, as specified in 
Section 6.2.2 and Section 6.2.3. 


Bit 5 in byte 16 of the Physical Format Information in the Control Data Zone shall indicate if Buffer 
Zone 2 contains VCPS related information. This bit shall be set as follows: 


‘0: Buffer Zone 2 does not contain VCPS related information.* 
1”: Buffer Zone 2 contains VCPS related information, as specified in Section 6.3.3 and 
Section 6.3.4. 


6.3.2 Pre-recorded DKB 


A Disc manufacturer may pre-record the DKB in the Initial Zone. The format of the pre-recorded DKB 
Area is defined in Table 6-3. The Alternative Location field in the ADIP TOC entry of the corresponding 
DKB region shall contain the Physical Sector Number of the first sector of the structure shown in Table 
6-3. This Physical Sector Number shall coincide with an ECC Block boundary. If the DKB is contained 
in the AUX bytes of the ADIP in the Data Zone and is pre-recorded in the Initial Zone as well, both 
instances of the DKB shall be identical. 


ECC 
Blocks 
4 


Buffer Block 





DKB #1 


Buffer Block 





DKB #2 





DKB #3 


Buffer Block 





DKB #4 


1 
1 Buffer Block 
1 





Table 6-3: Pre-recorded DKB Area 
Buffer Block. All bytes in a Buffer Block shall be set to 0x00. 
DKB #n. An EKB structure as defined in Section 5.4. The size K in ECC Blocks of the DKB is 
calculated using the equation 
K= (N + 32767) / 32768. 


Here N is the size in bytes of the DKB, as defined in Table 5-1. All bytes in DKB #n at byte position 
N..((K * 32768) — 1) shall be set to 0x00. 





* Note that if the first session on a DVD+R Disc was closed by a recorder that is not designed to 
handle VCPS, Buffer Zone 2 might contain VCPS related information anyway. 
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6.3.3 Storage of Unique ID 


When writing to Buffer Zone 2, a Recorder shall randomly generate a non-zero 40-bit Unique ID to 
identify the Disc (see also Section 4.2). The Recorder shall store the Unique ID in the RSV field? of all 
Data Frames in Buffer Zone 2 that contain a copy of the DKB and/or padding data (i.e. the Recorder 
shall store the Unique ID in the headers of sectors OX2FE10..0x2FEEF and in the headers of sectors 
0x2FF10..0x2FFEF). The recorder may store the Unique ID in the RSV field of all Data Frames in 
Buffer Zone 2 that contain buffer block data (i.e. the Recorder may store the Unique ID in the headers 
of sectors Ox2FE00..0x2FEOF, in the headers of sectors Ox2FEFO..0x2FFOF, and in the headers of 
sectors Ox2FFFO..0x2FFFF). Table 6-4 defines the content of the RSV field. 


Bit 
Bee [ees [oe PO es 2] ORO ee 
Oo o  ————— 


Reserved 
(msb) 


Unique ID 





Table 6-4: Unique ID 


Reserved. All reserved bits shall be set to ‘0’. 


Unique ID. A randomly generated 40-bit binary string that identifies the Disc. 





? Note that this field is called CPR_MAI in [DVD-ROM]. 
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6.3.4 Storage of DKB 


When writing to Buffer Zone 2, the Recorder shall store two identical copies of the DKB in Buffer Zone 
2 (see also Section 4.2). Table 6-5 defines the position of the two copies of the DKB in Buffer Zone 
2.7 


Physical 
Sector 
Number 


0x2FE00 
: Buffer Block 

Ox2FEOF 

Ox2FE10 





DKB #1 





Padding 


Ox2FEEF 
Ox2FEFO 





: Buffer Block 

Ox2FEFF 

Ox2FFOO 
i Buffer Block 

Ox2FFOF 

Ox2FF 10 





DKB #2 


Padding 
Ox2FFEF 
0x2FFFO 





: Buffer Block 
Ox2FFFF 





Table 6-5: DKB in Buffer Zone 2 
Buffer Block. All bytes in a Buffer Block shall be set to 0x00. 
DKB £n. An EKB structure as defined in Section 5.4. The size Q in sectors of the DKB is calculated 
using the equation 
Q = (N+ 2047) / 2048. 
Here N is the size in bytes of the DKB, as defined in Section 5.4. All unused bytes in DKB £n at byte 
position N..((Q * 2048) — 1) shall be set to 0x00. 


Padding. All padding bytes shall be set to 0x00. 





$ On a DVD+R Disc, if Buffer Zone 2 is recorded, the first ECC Block of the Data Zone shall be 
recorded as well. 

7 On a DVD+R Disc with an open first session, Buffer Zone 2 shall not be recorded if the first session 
does not contain at least one Protected Video Recording. 
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6.4 Data Zone 


This Section 6.4 provides extensions to [DVD-Video], Section 5.2.2, Navigation Pack (NV_PCK), and 
Section 4.5, Data Search Information (DSI). In addition, this Section 6.4 provides extensions to 
[DVD+VR], Section 3.4.1, PCI GI Extension, and Section 4.2, VRMI General Information (VRMI GI). 
Finally, this Section 6.4 provides extensions to [DVD-Video], Section 5.2.3, Video Pack (V PCK), 
Section 5.2.4 Audio Pack (A PCK), and Section 5.2.5, Sub-picture Pack (SP PCK), and to [DVD+VR] 
Section 3.4.2, User Defined pack (UD PCK), and Section 3.4.3, IEC-60958 Audio packs (IEC_PCK). 


6.4.1 Storage of Program Key KP 


The Navigation Packs (NV PCK) shall store the encrypted Program Key(s) KP as well as CCI status 
Message Authentication Codes (MAC). Table 6-6 defines the extended NV PCK.? 


Pack Header 


System Header 














PCI PKT 





























DSI PKT 








Reserved 





Encrypted Program Key KP 





CCI MAC 





Table 6-6: Extended NV PCK 
Pack Header. See [DVD-Video], Section 5.2.1, Structure of pack. 
System Header. See [DVD-Video], Section 5.2.2, Navigation Pack (NV PCK). 
PCI PKT. See [DVD-Video], Section 4.4, Presentation Control Information (PCI). If the Protected 
Video Recording contains the PCI GI extensions specified in [DVD VR], see also [DVD+VR], Section 
3.4.1, PCI GI Extension. 


APS. Analog Protection System trigger bits. See [DVD-Video], Section 4.4.1, PCI General 
Information (PCI Gl). 





? Extended NV. PKCs may be recogized by testing for a non-zero value in any one of the byte 
positions 2016..2047. 
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CGMS 1/2. Copy Generation Management System control bits. The CGMS 1/2 bits indicate if 
the associated AV Sectors may be copied as follows:? 


‘00’: The associated AV Sectors may be copied without restriction. 
‘01°: Reserved 

‘10°: Reserved 

‘11: The associated AV Sectors may not be copied. 


EPN 1/2. Encryption Plus Non-Assertion bit. The EPN 1/2 bits are valid only if the 
corresponding CGMS 1/2 bits are set to ‘00’. In that case, the EPN 1/2 bits indicate if the 
associated AV Sectors are encrypted as follows: 


‘0: The associated AV Sectors are not encrypted. 
1”: The associated AV Sectors are encrypted. 


DSI_PKT. See [DVD-Video], Section 4.5, Data Search Information (DSI). 
Reserved. All reserved bits shall be set to ‘0’. 


New PK. The New PK bit shall indicate if the Encrypted Program Key KP is different from the 
Encrypted Program Key KP in the preceding extended NV_PCK. Hereto, the New PK bit shall 
be set to the binary complement of the New PK bit in that preceding NV_PCK. The New PK bit 
in the first extended NV_PCK of a Protected Video Recording may be set to any value. 


Encrypted Program Key KP. The Encrypted Program Key KP contains the Program Key KP 
that is in use for all encrypted AV Sectors of the VOBU. 


CCI MAC. The CCI MAC shall be computed as follows: 
CCI MAC = AESEncrypt(KP, CCI Digest) 
Table 6-7 defines CCI Digest. 


Digest Version 


= as CGMS 1 CGMS 2 EPN1 | EPN2 


Reserved 





Signature 





Table 6-7: CCI Digest 


Digest Version. In this revision of the System Description VCPS, the value of Digest Version shall be 
set to 0x01. 


APS. This 2-bit field shall be a copy of the APS field contained in the extended NV PCK. 

CGMS 1/2. These 2-bit fields shall be copies of the CGMS fields contained in the extended NV PCK. 
EPN 1/2. These 1-bit fields shall be copies of the EPN fields contained in the extended NV PCK. 
Reserved. All reserved bytes shall be set to 0x00. 


Signature. The 4-byte signature shall have the value OXACC1CODE. 





? If the Protected Video Recording contains the PCI_GI extensions specified in [DVD+VR], Section 
3.4.1, PCI GI Extension, and these PCI GI extensions indicate that the CGMS 2 and EPN 2 fields are 
not present, CGMS 2 shall be set to ‘00’ and EPN 2 shall be set to ‘0’. If these PCI Gl extensions are 
not used, CGMS 2 shall be set to ‘00’ and EPN 2 shall be set to ‘0’. 
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6.4.2 Storage of Unique Key KU 


If the Protected Video Recording contains the VRMI data structures as specified in [DVD+VR], Section 
4, Video Recording Manager Information (VRMI), and optionally [DVD+VRR], Section 2.3.2, Layout of 
an open DVD+R Video Session, see Section 6.4.2.1. Otherwise, see Section 6.4.2.2." 


6.4.2.1 VRMI General Information 


The encrypted Unique Key KU shall be stored in the general video recording manager information 
(VRMI GI). Table 6-8 defines the extended VRMI GI. 


Bit 
EA AAA EA A 
CHEN 


VRMI GI 





VERN 





VRMI GI 





CP METHOD 





VRMI GI 





Reserved KU Valid 








Encrypted Unique Key KU 


(Isb) 





VRMI GI 





Table 6-8: Extended VRMI GI 
VRMI GI. See [DVD+VR], Section 4.2, VRMI General Information. 
VERN. VERN shall indicate a format of [DVD+VR], and optionally [DVD+VRR], which provides support 
for content protection (e.g. VERN equals 0x0020). See also [DVD+VR], Section 4.2, VRMI General 
Information. 
CP METHOD. CP METHOD shall be set to 0x02. "' 


Reserved. All reserved bits shall be set to ‘0’. 


KU Valid. The KU Valid bit shall indicate the status of the Encrypted Unique Key as follows: 


‘0: The Encrypted Unique Key field does not contain valid data. 
1”: The Encrypted Unique Key field contains valid data. 


Encrypted Unique Key KU. The Unique Key KU, encrypted using the Disc Key KD. See also Section 
4.2. 





1% If the Disc contains both an extended VRMI GI and a VIDEO RK.IFO file, the Encrypted Unique 
Key KU field in both structures shall be identical. 

11 Note that the non-zero value of CP_METHOD means that [DVD+VR] and [DVD+VRR] may specify 
additional fields that are related to content protection. E.g., if VERN equals 0x0020, the CP_stat bits of 
the REC_VOB_IFO field included in the recording information for each recording shall indicate the 
protection status (see [DVD+VR], Section 4.4.3, VRMI_RECI for Recording that is not deleted). 
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6.4.2.2 Video Recording Key 


The encrypted Unique Key KU shall be stored in the file VIDEO _RK.IFO, which shall be located in the 
directory VIDEO RM. VIDEO RM shall be a subdirectory of the root directory. In addition, VIDEO RM 
shall contain the file VIDEO RK.BUP, which is a back-up copy of VIDEO RK.IFO. VIDEO RK.IFO 
and VIDEO RK.BUP shall be sufficiently physically separated on the Disc. Table 6-9 defines the 
format of VIDEO RK.IFO. 


VCPS Signature 





Reserved 





CP METHOD 





Reserved 
KU Valid 








Encrypted Unique Key KU 


(Isb) 





Reserved 





Table 6-9: Format of VIDEO RK.IFO 


VCPS Signature. VCPS Signature shall be set to 0x564350535F434F4E54524F4C (the encoding of 
the characters "VCPS CONTROL" according to [ISO 646]). 


Reserved. All reserved bits shall be set to ‘0’. 
CP METHOD. CP METHOD shall be set to 0x02. 
KU Valid. KU Valid shall be set to ‘1’. 


Encrypted Unique Key KU. The Unique Key KU, encrypted using the Disc Key KD. See also Section 
4.2. 
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6.4.3 AV Pack 


AV Sectors containing an AV Pack shall be encrypted. This is indicated in the first packet header in 
the Video Packs, Audio Packs, Sub-Picture Packs and User Defined Packs in the Protected Video 
Recording. Table 6-10 defines the encrypted AV Sector. 


eee eee EPA IE A A A ee 


Pack Header 


ES 

| 13 | 

AA] Packet Header 
HE Stream ID 
—— 

| 127 











PES Packet 
Scrambling Control Header 











127 


Encrypted AV Data 


Table 6-10: Encrypted AV Sector 
Pack Header. See [DVD-Video], Section 5.2.1, Structure of pack. 





Packet Header. See [DVD-Video], Section 5.2.3, Video pack (V_PCK), Section 5.2.4, Audio pack 
(A_PCK), and Section 5.2.5, Sub-picture pack (SP_PCK); see [DVD+VR], Section 3.4.2, User Defined 
pack (UD_PCK), and Section 3.4.3, IEC-60958 Audio packs (IEC_PCK). 


Stream ID. The Stream ID depends on the AV Pack type. The Stream ID in the first packet header in 
the encrypted AV Pack shall be set as defined in Table 6-11. 12 In addition to the Stream ID in the 
encypted AV Pack, Table 6-11 also provides the Stream ID in the corresponding plain text AV Pack. 


Audio Pack (A_PCK) 
MPEG audio base stream ‘11000xxx | 11001 yyy 
MPEG audio extension stream | ‘11010xxx | '11011yyy 
All other audio types OxBD OxED 

Sub-picture Pack (SP PCK) 

User Defined Pack (UD PCK) 

Note: the three ‘xxx’ bits represent the audio stream number; 

the three ‘yyy’ bits are the one's complement of the ‘xxx’ bits. 




















Table 6-11: Stream ID in plain text versus encrypted AV Packs 


PES Scrambling Control. PES Scrambling Control shall be set to '11', indicating that the AV Pack 
contained in the AV Sector is encrypted. 


(Encrypted) AV Data. The AV Pack contained in the AV Sector shall be encrypted using the Sector 
Key KS. See also Section 4. 





12? This avoid playback problems on video players that do not support VCPS protected recordings. 
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7. Drive Interface 


When making and/or rendering a Protected Video Recoding, the Host shall execute all content 
encryption and decryption steps shown in the “Recording” and “Playback” portions of Figure 4-1. In 
addition, when making a Protected Video Recording the Host shall ensure that Buffer Zone 2 on the 
Disc contains a valid copy of the DKB (see also Section 4.2.1)."° 

In order to enable playback and/or recording of Protected Video Recordings, the Host shall obtain the 
DKB hash value and the Unique ID from the Drive using the authentication protocol that is visualized 
in Figure 7-1. In order to execute this authentication protocol, the Drive shall contain a unique Device 
ID4, and a set of Node Keys KN¿. The Host shall contain a built-in Application Key Block AKB, and a 
pre-computed copy of the Root Key KRaun that is contained in the AKB. 


Drive 


Device ID¿, KN, 


Host 


AKB, KR, 


select KA, from AKB 
generate random RA 


use KN, to obtain KR 
generate random RD, QD 


auth 


verify RA 
generate random QA 
verify RD 


calculate KB = H(QD || QA) calculate KB = H(QD || QA) 





Figure 7-1: Authentication protocol 





13 Note that the Drive shall not store the DKB (and Unique ID) in Buffer Zone 2 on a DVD+R Disc until 
the Host explicitly tells the Drive to do so. In addition, the Host shall not tell the Drive to store the DKB 
(and Unique ID) in Buffer Zone 2 on a DVD+R Disc until a Protected Video Recording is (about to be) 
made on the Disc. 
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To successfully execute the authentication protocol, the Drive and the Host shall execute the following 
eight steps in the order of appearance: 


Step 1. The Host shall request the Drive to return the Device ID,. 


Step 2. The Host shall use Device ID¿, to locate the Authorization Key KA, for the Drive in the built-in 
AKB. If the Drive is not authorized, the Host shall abort the authentication protocol. Otherwise, the 
Host shall generate a 64-bit random number RA . The Host shall send the following message to the 
Drive: 


J || RA || KAy. 
Here, j is the position of the Device ID, bit last used for branching in the leaf finding algorithm defined 
in Section 5.2. 
Step 3. The Drive shall obtain KRaut, as follows: 

KRauth = AESEncrypt(KN; KA,). 
Here KN; is the key in the set of Node Keys KN, that is associated with bit position j of Device ID4. 
Step 4. The Drive shall generate a 64-bit random number RD as well as a 128-bit random key 
contribution QD. The Host shall request the Drive to return the following encrypted message: 

(RA || RD || QD)KRauth = AESCBCEncrypt(KRautn, IV2, RA || RD || QD). 


The initialization vector IV2 is a 128-bit licensed constant. 


Step 5. The Host shall decrypt the message received from the Drive as follows: 

RA || RD || QD = AESCBCDecrypt(KRauth, IV2, (RA || RD || QD)KRautr). 
If RA is not identical to the value that the Host has sent to the Drive in step 2, the Host shall abort the 
authentication protocol. Otherwise, the Host shall continue with step 6. 
Step 6. The Host shall generate a 128-bit random key contribution QA. The Host shall send the 
following message to the Drive: 

(RD || RA || QA)KRauth = AESCBCEncrypt(KRautn, V2, RD || RA || QA). 
The Host shall calculate the Bus Key KB as follows: 

KB = AESHash(QD || QA). 


Step 7. The Drive shall decrypt the message received from the Host as follows: 
RD || RA || QA = AESCBCDecrypt(KRautn, IV2, (RD || RA || QA)KRauth)- 


If RD is not identical to the value that the Drive has sent to the Host in step 4, the Drive shall abort the 
authentication protocol. Otherwise, the Drive shall calculate the Bus Key KB as follows: 


KB = AESHash(QD || QA). 


Step 8. The Host shall request the Drive to return the following message: 


(DKB Hash || Reserved || Unique ID)KB 
= AESCBCEncrypt(KB, IV2, DKB Hash || Reserved || Unique ID). 


To assemble this message, a Drive that has playback-only functionality shall set the DKB Hash field to 
all zeros; a Drive that has recording functionality shall read the DKB Hash value from the hash region 
contained in the ADIP (see Section 6.2.3). The bit string Reserved consists of 88 bits that are set to 
‘0’. If DKB Hash is not identical to AESHash(DKB), where DKB is read from Buffer Zone 2 on the Disc, 
the Host shall abort the authentication protocol, and discard the Unique ID. 


If the Drive and/or the Host have aborted the authentication protocol, a retry of the authentication 
protocol shall start from step 1. 
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Annex A Pseudo code for EKB tree tracing (informative) 


The following piece of pseudo code parses the tag part of the EKB to yield the location of the 
Authorization Key KA, in the key part of the EKB. Note that this pseudo code is not a straightforward 
implementation of the algorithm given in Section 5.2. The reason is that the EKB tree is stored in a 
left-to-right, top-to-bottom fashion, which renders a sequential access algorithm more efficient. 

The input to this pseudo code are the Device ID, and the tags contained in the EKB (represented in 
Table 5-1 as Tag #1, Tag #2, ...). The pseudo code reads the tag bits sequentially, starting with Tag 
#1. After reading a tag, the variable Exists contains the value of the leftmost bit of the tag, the variable 
Left contains the center bit of the tag, and the variable Right contains the rightmost bit of the tag. 

After execution of this pseudo code, the variable Key_Index contains the location of the Authorization 
Key KA,. Key Index == 0 corresponds to Authorization Key #1. In addition, the variable j contains the 
bit position of the Device ID bit last used for branching. Decryption of the Authorization Key KA, 
indicated by Key Index using the Node Key KN, associated with bit j of the Device ID yield the Root 
Key KR. 


// Initialize variables 
Key_Index = 0; 

j= 39; 
This_Level_Skip_Count = 0; 
Next Level Skip Count = 0; 


// Process root node 
Read bits of Tag #1 ( Exists, Left, Right ); 
Child Exists = FALSE; 
if ( Device ID bit at bit position jis a ‘0’ ) { 
if ( Left == 0 ) Child Exists = TRUE; 
if ( Right == 0 ) **« Next Level Skip Count; 


else ( // Device ID at bit position j is a '1' 
if ( Left Z2 0 ) ** This Level Skip Count; 
if ( Right == 0 ) Child Exists = TRUE; 

} 


// Descend into the tree 
while ( Child Exists == TRUE ) { 


/! Skip to proper child node 
while ( This Level Skip Count—- 0 ) { 
Read bits of next tag ( Exists, Left, Right ); 
if ( Exists == 1) ** Key Index, 
if ( Left == 0 ) ** Next Level Skip Count, 
if ( Right == 0 ) ** Next Level Skip Count; 
} 


II Process child node 
Read bits of next tag ( Exists, Left, Right ); 
Child_Exists = FALSE; 
if ( Exists == 1 ) break; 


—] 
if ( Device ID bit at bit position jis a '0' ) { 
if ( Left == 0 ) Child Exists = TRUE; 
This Level Skip Count = Next Level Skip Count, 
Next Level Skip Count = 0; 
if ( Right == 0) **Next Level Skip Count; 


else { // Device ID bit at bit position j is a '1' 
if ( Left == 0 ) ** Next Level Skip Count, 
This Level Skip Count = Next Level Skip Count, 
Next Level Skip Count = 0; 
if ( Right == 0 ) Child Exists = TRUE; 
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Annex B Summary of keys and constants (informative) 


Table B-1 through Table B-4 summarize all cryptographic keys and constants that are used in the 
System Description VCPS, grouped per device type. 


Description 
Device ID 40 bits Uniquely identifies the Player or Recorder 





Node Keys 40 * 128 bits | Used to decrypt the Root Key KR from the DKB 
Initialization Vector 1 128 bits Used to start encryption/decryption of an AV Sector 

















Table B-1: Keys and constants contained in stand-alone Players and Recorders 


Device ID — 40 bits Uniquely identifies a Drive 

Node Keys KNg 40 * 128 bits | Used to decrypt the Root Key KRau from the AKB 

Initialization Vector 2 IV2 128 bits Used to start encryption/decryption of encrypted 
messages in the authentication protocol 




















Table B-2: Keys and constants contained in Drives 


Device ID — 40 bits Uniquely identifies the Player or Recorder 

Node Keys KN» 40 * 128 bits | Used to decrypt the Root Key KR from the DKB 
and the Root Key KRautn from the AKB 

Initialization Vector 1 IV1 128 bits Used to start encryption/decryption of an AV Sector 
Root Key KRauth 128 bits Delivered with the AKB 
Application Key AKB variable Used to authenticate a Drive 
Block 
Initialization Vector 2 IV2 128 bits Used to start encryption/decryption of encrypted 
messages in the authentication protocol 





























Table B-3: Keys and constants contained in Applications 


Description 

Unique ID 40 bits Identifies the disc 

Enabling Key Block Variable Contains the encrypted Root Key KR for authorized 
Players and Recorders 

Authorization Keys N* 128 bits | The Root Key KR encrypted with a number of Node 
Keys KN; contained in the DKB 

Unique Key 128 bits A key that is constant for all recordings on a Disc 
Program Key 128 bits A key that is used to calculated the Sector Keys 
KS; it is changed for each recording and CCl 
change 


























Table B-4: Keys and constants contained on Discs 
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Annex C EKB examples (informative) 


This Annex C provides two examples of the EKB defined in Section 5. The example EKB in Annex C.1 
authorizes all Device IDs. The example EKB in Annex C.2 revokes a few Device IDs. Annex C.3 lists 
the Node Key sets that are used to construct the example EKBs. All Node Keys used in these 
example EKBs are use for illustrative purposes only and will not be present in any Player or Recorder. 


C.1 Example EKB #1 


Figure C-1 shows the EKB tree in the case that all Device IDs are authorized. The EKB tree consists 
of a root node (the black circle) and both a left-hand child node and a right-hand child node (white 
circles). The tags that are associated with a node are indicated by the underlined bit sequences shown 
to the left of each node. The Authorization Keys, indicated as KA,, are shown to the right of the leaf 
nodes. The tag of the root node is ‘100’, which indicates that the node is the root node (leftmost tag bit 
is ‘1’), and has a left-hand child node (center tag bit is ‘0’) and a right-hand child node (rightmost tag 
bit is ‘0’). The tags of both child nodes are ‘111’, indicating that the nodes are child nodes. 


leve 0. 100 


level 1 11 





Figure C-1: EKB tree of example EKB #1 


Figure C-2 shows the EKB that contains the EKB tree shown in Figure C-1. All numbers are in 
hexadecimal notation. No values are shown for the Authentication Data field. The underlined parts of 
Figure C-2 show the EKB fields as defined in Table 5-1. The tags are obtained by concatenating all 
tags in a left-to right, top-to-bottom fashion, and subsequently padding to a byte boundary: 


‘400’ || 411' || 111' || ‘0000000’ = *1001111110000000' = Ox9F80. 


The Authorization Keys KA, are stored in a left-to-right, top-to-bottom fashion, so KAo comes first and 
KA, comes second. Devices 0x0000000000 through Ox7FFFFFFFFF obtain the Root Key KR by 
encrypting KAo with the Node Key KN that is associated with bit 39 of the Device ID (see Annex C.3). 
Devices 0x8000000000 through OxFFFFFFFFFF obtain the Root Key KR by encrypting KA; with the 
Node Key KN that is associated with bit 39 of the Device ID. 

The Root Key KR of the example EKB is 0x0123456789ABCDEFFEDCBA9876543210. 


0000: 56 43 50 53 5F 45 4B 42 00 00 01 44 00 00 00 01 






































EKB Signature EKB Size Sequence Number 
0010: A9 Cl 01 7E 61 2F F9 7E 9F 91 9C C3 4A 78 CD CD 
Key Check Data 
0020: E4 9F 6F 7A 55 OD OC 39 fn asi hls 
Authentication Data 
00A0: aeo os, ee cess; 10000510000"; 
Reserved 
0110: .. 00 00 00 00 
0120: 0003 9F 80 20 95 A3 FA 63 BB 38 40 20 69 FF 5D 
Tag Count Tags KA; 
0130: 5E 58 AD 79 34 D5 AA FC A5 04 C3 1A 94 61 37 3A 
KA; 


0140: 10 1D 8B EB 





Figure C-2: Example EKB #1 
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C.2 Example EKB #2 


Figure C-3 shows the EKB tree in the case that 6 Device IDs have been revoked. In this example the 
EKB tree consists of a root node (the black circle), a number of internal nodes (the gray circles) and 
41 leaf nodes (the white circles). The tags that are associated with a node are indicated by the 
underlined bit sequences shown to the left of each node. The Authorization Keys, indicated as KA,, 
are shown to the right of the leaf nodes. 










level 0 


level2 000 


level 36 000 


level 37 


level 38 


level 39 001 


level 40 11 


Figure C-3: EKB tree of example EKB #2 


Figure C-4 shows the EKB that contains the EKB tree shown in Figure C-3. All numbers are in 
hexadecimal notation. No values are shown for the Authentication Data field. The underlined parts of 
Figure C-4 show the EKB fields as defined in Table 5-1. The tags are obtained by concatenating all 
tags in a left-to right, top-to-bottom fashion, and subsequently padding to a byte boundary: 

‘100’ || ‘O00’ || ‘111’ || ‘000 || ‘1117 || ... || 111' |] 010" || £111? ||] 111’. 
The Authorization Keys KA, are stored in a left-to-right, top-to-bottom fashion, so KA, comes first, next 
comes KA;, etc. Devices 0x8000000000 through OxFFFFFFFFFF obtain the Root Key KR by 
encrypting KAo with the Node Key KN that is associated with bit 39 of the Device ID (see Annex C.3). 
Devices 0x4000000000 through Ox7FFFFFFFFF obtain the Root Key KR by encrypting KA, with the 
Node Key KN that is associated with bit 38 of the Device ID. Devices 0x2000000000 through 
Ox3FFFFFFFFF obtain the Root Key KR by encrypting KA» with the Node Key KN that is associated 
with bit 37 of the Device ID. ... Devices 0x000000000C through 0x000000000F obtain the Root Key 
KR by encrypting KAzs with the Node Key KN that is associated with bit 2 of the Device ID. Devices 
0x0000000002 and 0x0000000003 obtain the Root Key KR by encrypting KA37 with the Node Key KN 
that is associated with bit 1 of the Device ID. Devices 0x0000000008 and 0x0000000009 obtain the 
Root Key KR by encrypting KAsa with the Node Key KN that is associated with bit 1 of the Device ID. 
Device 0x0000000000 obtains the Root Key KR by encrypting KAzy with the Node Key KN that is 
associated with bit 0 of the Device ID. Device 0x000000000B obtains the Root Key KR by encrypting 
KA, with the Node Key KN that is associated with bit O of the Device ID. 
The Root Key of the example EKB is OXFEDCBA98765432100123456789ABCDEF. 
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Version 1.34 
0000: 56 43 50 53 5F 45 4B 42 00 00 03 D2 00 00 00 02 
EKB Signature EKB Size Sequence Number 
0010: 68 79 25 24 45 A8 EF 22 56 3B 18 B7 4A B7 E7 6C 
Key Check Data 
0020: B4 EC 15 35 34 6F A9 5B bo uiu. utis 
Authentication Data 
00A0 00 00 00 OO... 
Reserved 
0110: .. 00 00 00 00 
0120: 00 54 83 8E 38 E3 8E 38 E3 8E 38 E3 8E 38 E3 8E 
Tag Count Tags 
0130: 38 E3 8E 38 E3 8E 38 E3 8E 38 E3 8E 38 E4 01 CE 
0140: EB FO EE 2E 76 4A AO 19 DD 60 99 90 10 9D 30 6D 
KAo 
0150: A8 3F FE 63 38 D5 7D 15 76 FA 13 88 C8 3D EB 59 
KA, 
0160: 97 E9 El OC 9D 11 29 2D 03 14 5B C8 BA 6F 07 D4 
KA2 
0170: 31 DD 8F 32 CD 63 OA OE B8 71 40 AC A4 BA OA 95 
0180: 5F 1B AF 9A 2B A4 AE 7C 4B BO FC A8 17 EC 89 OD 
0190: 22 BE AD 98 D5 F5 4E CD 67 AF 3D AB E7 OB 80 AF 
01A0: AD 65 F9 48 99 58 1E EC B5 06 2D 5E 46 29 C5 OB 
01B0: 17 7B 6C 9E EF 10 6F 89 84 82 9E EF 86 58 D5 39 
01C0: E3 87 A6 32 93 A7 5D 64 2F 84 3B BD 5A 67 38 8F 
01D0: 23 07 6F 24 72 DB 41 OE 36 87 BE 08 15 7B AO D1 
01E0: B6 F3 A3 B9 71 C5 OE 7B 25 50 3A 20 F7 1F 41 77 
O1FO: 5D FD 8D 7A 48 1A 92 BO 9A BA BE 6F 23 CD OA D6 
0200: 08 BA AC 7E 1A BC FF B1 5C 89 B3 02 59 54 63 BE 
0210 65 D1 FA Al A6 2A 06 32 01 38 8F 52 04 9F 92 3F 
0220 ED F5 D2 66 AD 5F 62 53 AC C3 5E 32 81 8F 56 B9 
0230 47 FA 99 3F 15 A4 97 E8 6E 79 BO DO 1F BO 6D 50 
0240: CE OE 56 40 5F EO D2 74 8F 69 35 OC F9 49 2B 83 
0250: 5D 6F CA BE 91 66 44 71 BA 99 16 Al 63 7C E4 48 
0260: 25 58 15 2C 6D 83 48 5C DE 60 12 31 FD E4 B1 CC 
0270: 78 DO 47 70 72 18 AF 4C 6B OF 8D 7D 28 78 6F 60 
0280: 72 8B 45 14 46 AF F9 A6 25 50 09 BC FA 1C A8 3B 
0290: 6A DC 20 48 1A E3 28 C8 91 7A E8 F8 69 55 52 53 
02A0: 7B A7 E2 8F 83 OC 4F EE 60 CA F1 12 F6 61 FA 13 
02B0: 2F 20 C4 A3 90 65 70 BO 09 7D 52 6D A6 FO F6 8F 
02C0: F5 00 6A EA D4 B4 3D 31 OE BC 8E 51 E9 3E 56 F3 
02D0: 31 30 B8 7E D2 BO 17 84 E3 D8 53 BB E7 1C 02 El 
O2E0: 35 20 AO CA 5F FD 35 Cl BF CC 81 34 22 46 84 AA 
02F0: 26 53 F5 4B 59 2B 12 3D B5 9B A6 OE F5 DB AY 88 
0300: E 2F 10 BO 03 1E 4A 97 52 DB 7E 58 E5 4D 44 51 
0310: 03 B2 99 FA 01 56 39 73 76 03 E8 99 A8 3E 3F 2E 
0320: 21 1B 65 3E 2D 70 51 D3 40 EC AO D8 1A 19 3A 07 
0330: 10 7C E3 ED CE 72 93 03 6B CO F9 11 3E A2 EO 75 
0340: 73 15 B9 22 65 72 1B B5 6D DO 75 57 AD 6D 98 81 
0350: EC 01 FO CA C6 15 85 EF B9 FD F1 3D EB 24 DA FO 
0360: AB 94 34 3F F7 BO DF EA 7E A3 D2 CE E2 EB FD 6E 
0370: B6 72 88 96 35 37 CA EE 8E EE 1B 1C Cl 7E 88 A5 
0380: DB Al AF 68 5D 5D 27 20 5E 44 1E 43 55 5B 9F 91 
KAze6 
0390 FO 1E A7 7C CA 22 F7 5F 00 A4 FC 2B F3 63 05 AE 
KA37 
03A0: 5B 32 9F 8D 28 DA 29 2F FC 88 09 30 07 6A 3C El 
KAss 
03B0 F2 7B D5 CO FD 61 FB 28 93 D8 92 EC 85 44 50 46 
KAs39 
03C0: 89 57 AO F4 37 EC D4 B2 2D AD EE 7D 71 C4 70 DO 
KA% 
03D0: D2 CC 


Figure C-4: Example EKB #2 
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C.3 Example Node Key sets 


Figure C-5 through Figure C-20 show the sets of Node Keys KN of Devices 0x0000000000 through 
0x000000000F used to create the example EKBs in this Annex C. All numbers are in hexadecimal 
notation. The first column shows the Device ID bit position that the Node Key KN is associated with. 


39; 
38: 
373 
36: 
353 
34: 
33% 
32: 
SIs 
30: 
295 
28: 
27: 
26: 
253 
24: 
234 
22: 
21: 
20: 
19% 
18: 
Tu 
16: 
LO 
14: 
13% 
12: 
TS 
10: 


o 


O |^ MN UU o -0 


6c 
42 
cs 
6D 
DO 
ST 
1D 
D4 
AT 
32 
AB 
5B 
65 
5F 
95 
oc 
76 
09 
OD 
YE 
05 
76 
AC 
32 
58 
oc 
E6 
19 
4E 
DC 
40 
1D 
40 
18 
06 
29 
98 
44 
A3 
69 


4A 
DC 
53 
E8 
DD 
FD 
A5 
44 
EB 
28 
52 
08 
95 
4B 
62 
7B 
4B 
5A 
55 
CE 
31 
5c 
38 
B9 
83 
24 
94 
34 
39 
43 
ED 
El 
1B 
4A 
3E 
ic 
40 
94 
46 
62 


76 
8F 
DO 
F3 
4B 
1A 
C6 
11 
FA 
86 
E3 
60 
50 
03 
B8 
06 
1D 
OE 
29 
43 
74 
6C 
BB 
ED 
38 
03 
A5 
OD 
AD 
32 
34 
5B 
E3 
04 
06 
00 
28 
F2 
4C 
F6 


B1 
13 
E6 
51 
6A 
05 
84 
56 
33 
71 
A6 
BD 
70 
F3 
B9 
9c 
41 
D8 
0D 
C8 
DO 
34 
62 
10 
0B 
92 
5E 
AE 
97 
B6 
B4 
31 
95 
14 
98 
C6 
E8 
SF 
AC 
F9 


C7 
9B 
95 
55 
65 
El 
oF 
7B 
2E 
6A 
35 
D3 
2D 
A9 
A2 
B5 
89 
6F 
8A 
C6 
EC 
E8 
95 
EF 
oF 
39 
oc 
9A 
F2 
D3 
40 
8D 
4B 
4E 
55 
E9 
8D 
0B 
6E 
CE 


7C 
EO 
05 
BF 
98 
3D 
60 
83 
Bl 
04 
50 
1B 
TE 
B7 
A2 
DA 
3c 
84 
8D 
D5 
32 
73 
BF 
8F 
2B 
56 
24 
CE 
TE 
AD 
oc 
59 
D7 
B8 
8A 
CD 
BO 
2C 
D7 
74 


D7 
OF 
7A 
68 
67 
C3 
72 
DF 
9c 
9E 
2A 
F4 
06 
19 
IF. 
78 
18 
88 
4F 
64 
AF 
82 
E8 
2F 
B6 
83 
CF 
97 
OD 
E2 
39 
EE 
cl 
F8 
68 
2E 
FF 
B3 
8A 
17 


25 
10 
29 
3B 
DD 
cs 
B9 
D9 
A9 
25 
5E 
75 
E4 
26 
97 


B9 
A2 
85 
66 
49 
F4 
32 
81 
37 
F9 
74 
F8 
67 
D2 
92 
33 
CD 
c3 


46 
cL 
OA 
FB 
5C 
2E 
63 
E8 
66 
E4 
AF 
92 
OA 
5A 
28 
D5 
1c 
OD 
24 
CD 
C7 
oc 
61 
BO 
49 
00 
9D 
B1 
76 
F7 
B3 
Fl 
E4 
B4 
77 
66 
D7 
7A 
FE 
3D 


43 
DE 
A3 
Al 
FO 
05 
C7 
32 
3B 
06 
CB 
EA 
4A 
8A 
81 
46 
ED 
A3 
BD 
CA 
05 
72 
59 
A8 
B9 
3D 
0B 
39 
90 
93 
51 
72 
6D 
60 
3B 
9B 
8B 
29 
87 
B5 


20 
85 
2E 
42 
2A 
49 
29 
92 
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6D 
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co 
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2D 
DE 
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06 
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A4 
deL 
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7D 
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DD 
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6D 
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D3 
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7B 
4A 
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0A 
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26 
AO 
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4A 
El 
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Figure C-5: Node Key KN set of example 
Device ID 0x0000000000 
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Figure C-6: Node Key KN set of example 


40 


Device ID 0x0000000001 


Version 1.34 


39: 6C 4A 76 B1 C7 7C D7 25 46 43 20 8F CD D6 FF 84 
38: 42 DC 8F 13 9B EO OF 10 C1 5F 85 E8 10 D3 E2 AF 
37: C5 53 DO EG 95 05 7A 29 OA A3 2E A4 17 21 72 DF 
36: 6D E8 F3 51 55 BF 68 3B FB Al 42 44 72 63 A2 AB 
35: DO DD 4B 6A 65 98 67 DD 5C FO 2A 58 AE 4E B7 6E 
34: 31 FD 1A 05 El 3D C3 C5 2E 05 49 4A 08 9B 74 24 
33: 1D A5 C6 84 9F 60 72 B9 63 C7 29 64 61 25 4F 9F 
32: D4 44 11 56 7B 83 DF D9 E8 32 92 7E 09 OB 06 4D 
31: 71 EB FA 33 2E B1 9C A9 66 3B 62 47 4D 1C 6E FB 
30: 32 28 86 71 6A 04 9E 25 E4 06 85 1A 59 BE 03 48 
29: AB 52 E3 A6 35 50 2A 5E AF CB C3 13 13 30 3B AC 
28: 5B 08 60 BD D3 1B F4 75 92 EA D3 06 41 ED D7 69 
27: 65 95 50 70 2D 7E 06 E4 OA 4A 6D 63 CO OD D1 D4 
26: SF 4B 03 F3 A9 B7 19 26 5A 8A 55 DE CD 6D D3 OD 
25: 95 62 B8 B9 A2 A2 1F 97 28 81 14 Fl 8A 1E 5A F2 
24: OC 7B 06 9C B5 DA 78 52 D5 46 2E CE BO E8 79 OA 
23: 76 4B 1D 41 89 3C 18 BB 1C ED E4 8A ED A2 93 E4 
22: 09 5A OE D8 6F 84 88 5C OD A3 F2 BO 24 19 FB 98 
21: OD 55 29 OD 8A 8D 4F OC 24 BD 44 5C D8 ED OF E3 
20: 77 CE 43 C8 C6 D5 64 AA CD CA BA 34 Al FD F8 04 
19: 05 31 74 DO EC 32 AF Al C7 05 45 F4 AA 7B 4E 7C 
18: 76 5C 6C 34 E8 73 82 2F OC 72 32 20 6F 4A 3F EF 
17: AC 38 BB 62 95 BF E8 B9 61 59 C8 55 EC F7 1B E2 
16: 32 B9 ED 10 EF 8F 2F A2 BO A8 C9 65 EC CO FB 25 
15: 58 83 38 OB 9F 2B B6 85 49 B9 79 71 87 2C 68 8B 
14: 0C 24 03 92 39 56 83 66 00 3D 5E 24 F3 16 D9 31 
13: E6 94 A5 5E OC 24 CF 49 9D OB 67 3F 7A B5 9E 9A 
12: 19 34 OD AE 9A CE 97 F4 B1 39 71 27 C8 OA 5A 28 
11: 4E 39 AD 97 F2 7F OD 32 76 90 CO 40 6B 53 41 EE 
10: DC 43 32 B6 D3 AD E2 81 F7 93 76 OE AB 26 91 84 


9: 40 ED 34 B4 40 0C 39 37 B3 51 AD A4 1C AO C1 C8 
8: 1D El 5B 37 8D 59 EE F9 Fl 72 2D 11 96 38 CE 00 
7: 40 1B E3 95 4B D7 Cl 74 E4 6D DE 01 13 EC 60 38 
6: 18 4A 04 14 4E B8 F8 F8 B4 60 47 3F FF 67 E4 EF 
5: 06 3E 06 98 55 8A 68 67 77 3B BB B9 B8 42 3A AF 
4: 29 1C 00 C6 E9 CD 2E D2 66 9B BE 7D 53 BE 1D 83 
3: 98 40 28 E8 8D BO FF 92 D7 8B El 24 95 FD 8E 74 
2: 44 94 F2 5F OB 2C B3 33 7A 29 3A DD 30 4A Cl 8D 
1: 13 8E CA OF E3 70 1A 5F E2 81 4E 03 BC 18 BC 11 
0: A5 C3 5C 7C A8 7E 32 94 51 75 F8 1F 49 AE 79 6A 


Figure C-7: Node Key KN set of example 
Device ID 0x0000000002 


6C 4A 76 B1 C7 7C D7 25 46 43 20 8F CD D6 FF 84 
42 DC 8F 13 9B EO OF 10 Cl 5F 85 E8 10 D3 E2 AF 
C5 53 DO E6 95 05 7A 29 OA A3 2E A4 17 21 72 DF 
6D E8 F3 51 55 BF 68 3B FB A1 42 44 72 63 A2 AB 
DO DD 4B 6A 65 98 67 DD 5C FO 2A 58 AE 4E B7 6E 
31 FD 1A 05 E1 3D C3 C5 2E 05 49 4A 08 9B 74 24 
1D A5 C6 84 9F 60 72 B9 63 C7 29 64 61 25 4F 9F 
D4 44 11 56 7B 83 DF D9 E8 32 92 7E 09 OB 06 4D 
71 EB FA 33 2E Bl 9C A9 66 3B 62 47 4D 1C 6E FB 
32 28 86 71 6A 04 9E 25 E4 06 85 1A 59 BE 03 48 
AB 52 E3 A6 35 50 2A 5E AF CB C3 13 13 30 3B AC 
5B 08 60 BD D3 1B F4 75 92 EA D3 06 41 ED D7 69 
65 95 50 70 2D 7E 06 E4 OA 4A 6D 63 CO OD D1 D4 
5F 4B 03 F3 A9 B7 19 26 5A 8A 55 DE CD 6D D3 OD 
95 62 B8 B9 A2 A2 1F 97 28 81 14 Fl 8A 1E 5A F2 
OC 7B 06 9C B5 DA 78 52 D5 46 2E CE BO E8 79 OA 
76 4B 1D 41 89 3C 18 BB 1C ED E4 8A ED A2 93 E4 
09 5A OE D8 6F 84 88 5C OD A3 F2 BO 24 19 FB 98 
0D 55 29 0D 8A 8D 4F OC 24 BD 44 5C D8 ED OF E3 
77 CE 43 C8 C6 D5 64 AA CD CA BA 34 Al FD F8 04 
05 31 74 DO EC 32 AF Al C7 05 45 F4 AA 7B 4E 7C 
76 5C 6C 34 E8 73 82 2F OC 72 32 20 6F 4A 3F EF 
AC 38 BB 62 95 BF E8 B9 61 59 C8 55 EC F7 1B E2 
32 B9 ED 10 EF 8F 2F A2 BO A8 C9 65 EC CO FB 25 
58 83 38 OB 9F 2B B6 85 49 B9 79 71 87 2C 68 8B 
OC 24 03 92 39 56 83 66 00 3D 5E 24 F3 16 DY 31 
E6 94 A5 5E 0C 24 CF 49 9D OB 67 3F 7A B5 9E 9A 
19 34 0D AE 9A CE 97 F4 Bl 39 71 27 C8 OA 5A 28 
4E 39 AD 97 F2 7F OD 32 76 90 CO 40 6B 53 41 EE 
DC 43 32 B6 D3 AD E2 81 F7 93 76 OE AB 26 91 84 


kp ppppmpp ppN INI III NS IS ( Q( Q( U U U Q( Q( WW 
O P M Q 4 UI O -1 O to O P I Q BUAN O t0 O P. M Q «à UI O -1 O 
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40 ED 34 B4 40 0C 39 37 B3 51 AD A4 1C AO C1 C8 
8: 1D El 5B 37 8D 59 EE F9 Fl 72 2D 11 96 38 CE 00 
7: 40 1B E3 95 4B D7 Cl 74 E4 6D DE 01 13 EC 60 38 
6: 18 4A 04 14 4E B8 F8 F8 B4 60 47 3F FF 67 E4 EF 
5: 06 3E 06 98 55 8A 68 67 77 3B BB B9 B8 42 3A AF 
4: 29 1C 00 C6 E9 CD 2E D2 66 9B BE 7D 53 BE 1D 83 
3: 98 40 28 E8 8D BO FF 92 D7 8B El 24 95 FD 8E 74 
2: 44 94 F2 5F OB 2C B3 33 7A 29 3A DD 30 4A C1 8D 
1: 13 8E CA OF E3 70 1A 5F E2 81 4E 03 BC 18 BC 11 
0: AB E4 AC 1E 85 68 11 78 10 3A AC FO CF 2E 89 3B 


Figure C-8: Node Key KN set of example 
Device ID 0x0000000003 


€ Royal Philips Electronics, April 2006 


System Description VCPS 
Video Content Protection System for the DVD+R/+RW Video Recording Format 





Version 1.34 Annex C 
39 6C 4A 76 B1 C7 7C D7 25 46 43 20 8F CD D6 FF 84 6C 4A 76 B1 C7 7C D7 25 46 43 20 8F CD D6 FF 84 
38 42 DC 8F 13 9B EO OF 10 C1 5F 85 E8 10 D3 E2 AF 42 DC 8F 13 9B EO OF 10 C1 5F 85 E8 10 D3 E2 AF 
3d C5 53 DO E6 95 05 7A 29 OA A3 2E A4 17 21 72 DF C5 53 DO E6 95 05 7A 29 OA A3 2E A4 17 21 72 DF 
36 6D E8 F3 51 55 BF 68 3B FB A1 42 44 72 63 A2 AB 6D E8 F3 51 55 BF 68 3B FB A1 42 44 72 63 A2 AB 
35 DO DD 4B 6A 65 98 67 DD 5C FO 2A 58 AE 4E B7 6E DO DD 4B 6A 65 98 67 DD 5C FO 2A 58 AE 4E B7 6E 
34 31 FD 1A 05 El 3D C3 C5 2E 05 49 4A 08 9B 74 24 31 FD 1A 05 El 3D C3 C5 2E 05 49 4A 08 9B 74 24 
33: 1D A5 C6 84 9F 60 72 B9 63 C7 29 64 61 25 4F 9F 1D A5 C6 84 9F 60 72 B9 63 C7 29 64 61 25 4F OF 
32: D4 44 11 56 7B 83 DF D9 E8 32 92 7E 09 OB 06 4D D4 44 11 56 7B 83 DF D9 E8 32 92 7E 09 OB 06 4D 
31: 71 EB FA 33 2E Bl 9C A9 66 3B 62 47 4D 1C 6E FB 71 EB FA 33 2E B1 9C A9 66 3B 62 47 4D 1C 6E FB 
30: 32 28 86 71 6A 04 9E 25 E4 06 85 1A 59 BE 03 48 32 28 86 71 6A 04 9E 25 E4 06 85 1A 59 BE 03 48 
29: AB 52 E3 A6 35 50 2A 5E AF CB C3 13 13 30 3B AC AB 52 E3 A6 35 50 2A 5E AF CB C3 13 13 30 3B AC 
28 5B 08 60 BD D3 1B F4 75 92 EA D3 06 41 ED D7 69 5B 08 60 BD D3 1B F4 75 92 EA D3 06 41 ED D7 69 
27 65 95 50 70 2D 7E 06 E4 OA 4A 6D 63 CO OD D1 D4 65 95 50 70 2D 7E 06 E4 OA 4A 6D 63 CO OD D1 D4 
26 5F 4B 03 F3 A9 B7 19 26 5A 8A 55 DE CD 6D D3 OD 5F 4B 03 F3 A9 B7 19 26 5A 8A 55 DE CD 6D D3 OD 
25 95 62 B8 B9 A2 A2 1F 97 28 81 14 Fl 8A 1E 5A F2 95 62 B8 BY A2 A2 1F 97 28 81 14 F1 8A 1E 5A F2 
24 OC 7B 06 9C B5 DA 78 52 D5 46 2E CE BO E8 79 OA OC 7B 06 9C B5 DA 78 52 D5 46 2E CE BO E8 79 OA 
23 76 4B 1D 41 89 3C 18 BB 1C ED E4 8A ED A2 93 E4 76 4B 1D 41 89 3C 18 BB 1C ED E4 8A ED A2 93 E4 


09 5A OE D8 6F 84 88 5C OD A3 F2 BO 24 19 FB 98 
0D 55 29 0D 8A 8D 4F OC 24 BD 44 5C D8 ED OF E3 
77 CE 43 C8 C6 D5 64 AA CD CA BA 34 Al FD F8 04 
05 31 74 DO EC 32 AF Al C7 05 45 F4 AA 7B 4E 7C 
76 5C 6C 34 E8 73 82 2F OC 72 32 20 6F 4A 3F EF 
AC 38 BB 62 95 BF E8 B9 61 59 C8 55 EC F7 1B E2 
32 B9 ED 10 EF 8F 2F A2 BO A8 C9 65 EC CO FB 25 
58 83 38 OB 9F 2B B6 85 49 B9 79 71 87 2C 68 8B 
OC 24 03 92 39 56 83 66 00 3D 5E 24 F3 16 D9 31 
E6 94 A5 5E OC 24 CF 49 9D OB 67 3F 7A B5 9E 9A 
19 34 0D AE 9A CE 97 F4 B1 39 71 27 C8 OA 5A 28 
4E 39 AD 97 F2 7F OD 32 76 90 CO 40 6B 53 41 EE 
DC 43 32 B6 D3 AD E2 81 F7 93 76 OE AB 26 91 84 


09 5A OE D8 6F 84 88 5C OD A3 F2 BO 24 19 FB 98 
OD 55 29 OD 8A 8D 4F OC 24 BD 44 5C D8 ED OF E3 
77 CE 43 C8 C6 D5 64 AA CD CA BA 34 Al FD F8 04 
05 31 74 DO EC 32 AF Al C7 05 45 F4 AA 7B 4E 7C 
76 5C 6C 34 E8 73 82 2F OC 72 32 20 6F 4A 3F EF 
AC 38 BB 62 95 BF E8 B9 61 59 C8 55 EC F7 1B E2 
32 B9 ED 10 EF 8F 2F A2 BO A8 C9 65 EC CO FB 25 
58 83 38 OB 9F 2B B6 85 49 B9 79 71 87 2C 68 8B 
OC 24 03 92 39 56 83 66 00 3D 5E 24 F3 16 D9 31 
E6 94 A5 5E 0C 24 CF 49 9D OB 67 3F 7A B5 9E 9A 
19 34 0D AE 9A CE 97 F4 B1 39 71 27 C8 OA 5A 28 
4E 39 AD 97 F2 7F OD 32 76 90 CO 40 6B 53 41 EE 
DC 43 32 B6 D3 AD E2 81 F7 93 76 OE AB 26 91 84 


Eig op ppp pp pp INN INN IO IO IO. IN) [9. I9 0 ( () (QU 0 0 WWW 
O HP M Q 4 O1 O0 -H O to O P M Q (5 Ol O -H OO t0 O P. M Q à UI O -d 0 O 
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40 ED 34 B4 40 0C 39 37 B3 51 AD A4 1C AO C1 C8 40 ED 34 B4 40 0C 39 37 B3 51 AD A4 1C AO C1 C8 
1D El 5B 37 8D 59 EE F9 Fl 72 2D 11 96 38 CE 00 8: 1D El 5B 37 8D 59 EE F9 Fl 72 2D 11 96 38 CE 00 
40 1B E3 95 4B D7 C1 74 E4 6D DE 01 13 EC 60 38 7: 40 1B E3 95 4B D7 C1 74 E4 6D DE 01 13 EC 60 38 
18 4A 04 14 4E B8 F8 F8 B4 60 47 3F FF 67 E4 EF 6: 18 4A 04 14 4E B8 F8 F8 B4 60 47 3F FF 67 E4 EF 
06 3E 06 98 55 8A 68 67 77 3B BB B9 B8 42 3A AF 5: 06 3E 06 98 55 8A 68 67 77 3B BB B9 B8 42 3A AF 
29 1C 00 C6 E9 CD 2E D2 66 9B BE 7D 53 BE 1D 83 4: 29 1C 00 C6 E9 CD 2E D2 66 9B BE 7D 53 BE 1D 83 
98 40 28 E8 8D BO FF 92 D7 8B El 24 95 FD 8E 74 3: 98 40 28 E8 8D BO FF 92 D7 8B El 24 95 FD 8E 74 
2F 4A 96 89 38 09 D5 23 1A 2E 7E 9B 7B DB FA 9E 2: 2F 4A 96 89 38 09 D5 23 1A 2E 7E 9B 7B DB FA 9E 
80 04 7F F7 9B 9B 7D 16 E2 AD 9E 7B E3 8D C5 52 1: 8A 17 84 BE 07 80 FO 65 Fl 8B F8 34 36 78 AE D3 
01 EO 3F B3 9F 4D 34 28 34 93 4A B3 ED 44 7A 4D 0: 91 CB 41 35 3E E8 C8 C9 00 61 86 4C DB 3C 67 99 


Figure C-9: Node Key KN set of example Figure C-11: Node Key KN set of example 
Device ID 0x0000000004 Device ID 0x0000000006 


39 6C 4A 76 B1 C7 7C D7 25 46 43 20 8F CD D6 FF 84 6C 4A 76 B1 C7 7C D7 25 46 43 20 8F CD D6 FF 84 
38 42 DC 8F 13 9B EO OF 10 Cl 5F 85 E8 10 D3 E2 AF 42 DC 8F 13 9B EO OF 10 C1 5F 85 E8 10 D3 E2 AF 
37 C5 53 DO E6 95 05 7A 29 OA A3 2E A4 17 21 72 DF C5 53 DO E6 95 05 7A 29 OA A3 2E A4 17 21 72 DF 
36 6D E8 F3 51 55 BF 68 3B FB A1 42 44 72 63 A2 AB 6D E8 F3 51 55 BF 68 3B FB A1 42 44 72 63 A2 AB 
35 DO DD 4B 6A 65 98 67 DD 5C FO 2A 58 AE 4E B7 6E DO DD 4B 6A 65 98 67 DD 5C FO 2A 58 AE 4E B7 6E 
34 31 FD 1A 05 E1 3D C3 C5 2E 05 49 4A 08 9B 74 24 31 FD 1A 05 E1 3D C3 C5 2E 05 49 4A 08 9B 74 24 
33: 1D A5 C6 84 9F 60 72 B9 63 C7 29 64 61 25 4F 9F 1D A5 C6 84 9F 60 72 B9 63 C7 29 64 61 25 4F 9F 
32: D4 44 11 56 7B 83 DF D9 E8 32 92 7E 09 OB 06 4D D4 44 11 56 7B 83 DF D9 E8 32 92 7E 09 OB 06 4D 
31: 71 EB FA 33 2E Bl 9C A9 66 3B 62 47 4D 1C 6E FB 71 EB FA 33 2E Bl 9C A9 66 3B 62 47 4D 1C 6E FB 
30: 32 28 86 71 6A 04 9E 25 E4 06 85 1A 59 BE 03 48 32 28 86 71 6A 04 9E 25 E4 06 85 1A 59 BE 03 48 
29: AB 52 E3 A6 35 50 2A 5E AF CB C3 13 13 30 3B AC AB 52 E3 A6 35 50 2A 5E AF CB C3 13 13 30 3B AC 
28 5B 08 60 BD D3 1B F4 75 92 EA D3 06 41 ED D7 69 5B 08 60 BD D3 1B F4 75 92 EA D3 06 41 ED D7 69 
27 65 95 50 70 2D 7E 06 E4 OA 4A 6D 63 CO OD D1 D4 65 95 50 70 2D 7E 06 E4 OA 4A 6D 63 CO OD D1 D4 
26 5F 4B 03 F3 A9 B7 19 26 5A 8A 55 DE CD 6D D3 OD 5F 4B 03 F3 A9 B7 19 26 5A 8A 55 DE CD 6D D3 OD 
25 95 62 B8 B9 A2 A2 1F 97 28 81 14 Fl 8A 1E 5A F2 95 62 B8 B9 A2 A2 1F 97 28 81 14 Fl 8A 1E 5A F2 
24 OC 7B 06 9C B5 DA 78 52 D5 46 2E CE BO E8 79 OA OC 7B 06 9C B5 DA 78 52 D5 46 2E CE BO E8 79 OA 
23 76 4B 1D 41 89 3C 18 BB 1C ED E4 8A ED A2 93 E4 76 4B 1D 41 89 3C 18 BB 1C ED E4 8A ED A2 93 E4 


09 5A OE D8 6F 84 88 5C OD A3 F2 BO 24 19 FB 98 
0D 55 29 0D 8A 8D 4F OC 24 BD 44 5C D8 ED OF E3 
77 CE 43 C8 C6 D5 64 AA CD CA BA 34 Al FD F8 04 
05 31 74 DO EC 32 AF Al C7 05 45 F4 AA 7B 4E 7C 
76 5C 6C 34 E8 73 82 2F OC 72 32 20 6F 4A 3F EF 
AC 38 BB 62 95 BF E8 B9 61 59 C8 55 EC F7 1B E2 
32 B9 ED 10 EF 8F 2F A2 BO A8 C9 65 EC CO FB 25 
58 83 38 0B 9F 2B B6 85 49 B9 79 71 87 2C 68 8B 
OC 24 03 92 39 56 83 66 00 3D 5E 24 F3 16 D9 31 
E6 94 A5 5E OC 24 CF 49 9D OB 67 3F 7A B5 9E 9A 
19 34 OD AE 9A CE 97 F4 B1 39 71 27 C8 OA 5A 28 
4E 39 AD 97 F2 7F OD 32 76 90 CO 40 6B 53 41 EE 
DC 43 32 B6 D3 AD E2 81 F7 93 76 OE AB 26 91 84 


09 5A OE D8 6F 84 88 5C OD A3 F2 BO 24 19 FB 98 
OD 55 29 OD 8A 8D 4F OC 24 BD 44 5C D8 ED OF E3 
77 CE 43 C8 C6 D5 64 AA CD CA BA 34 Al FD F8 04 
05 31 74 DO EC 32 AF Al C7 05 45 F4 AA 7B 4E 7C 
76 5C 6C 34 E8 73 82 2F OC 72 32 20 6F 4A 3F EF 
AC 38 BB 62 95 BF E8 B9 61 59 C8 55 EC F7 1B E2 
32 B9 ED 10 EF 8F 2F A2 BO A8 C9 65 EC CO FB 25 
58 83 38 OB 9F 2B B6 85 49 B9 79 71 87 2C 68 8B 
OC 24 03 92 39 56 83 66 00 3D 5E 24 F3 16 D9 31 
E6 94 A5 5E 0C 24 CF 49 9D OB 67 3F 7A B5 9E 9A 
19 34 0D AE 9A CE 97 F4 B1 39 71 27 C8 OA 5A 28 
4E 39 AD 97 F2 7F OD 32 76 90 CO 40 6B 53 41 EE 
DC 43 32 B6 D3 AD E2 81 F7 93 76 OE AB 26 91 84 


PPP PRPRPEP pppNN INN IIN N NI M ( Q( Q( 0 UO 0 Q Q( ww 
O P M Q i5 O1 O0 -1 O io O P IM (Q) iS O1 O) -H OO i0 O IB. 9 Q «S O1 Os JO 


|)bmbpbBpBpBmpBmpbmbpINNWNNM 
O LP M Q (5 Ul O) -J O t0 O P. N Q «i OT O - O0 t0 O P. 
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40 ED 34 B4 40 0C 39 37 B3 51 AD A4 1C AO C1 C8 40 ED 34 B4 40 0C 39 37 B3 51 AD A4 1C AO C1 C8 
1D El 5B 37 8D 59 EE F9 F1 72 2D 11 96 38 CE 00 8: 1D El 5B 37 8D 59 EE F9 Fl 72 2D 11 96 38 CE 00 
40 1B E3 95 4B D7 C1 74 E4 6D DE 01 13 EC 60 38 7: 40 1B E3 95 4B D7 C1 74 E4 6D DE 01 13 EC 60 38 
18 4A 04 14 4E B8 F8 F8 B4 60 47 3F FF 67 E4 EF 6: 18 4A 04 14 4E B8 F8 F8 B4 60 47 3F FF 67 E4 EF 
06 3E 06 98 55 8A 68 67 77 3B BB B9 B8 42 3A AF 5: 06 3E 06 98 55 8A 68 67 77 3B BB B9 B8 42 3A AF 
29 1C 00 C6 E9 CD 2E D2 66 9B BE 7D 53 BE 1D 83 4: 29 1C 00 C6 E9 CD 2E D2 66 9B BE 7D 53 BE 1D 83 
98 40 28 E8 8D BO FF 92 D7 8B El 24 95 FD 8E 74 3: 98 40 28 E8 8D BO FF 92 D7 8B El 24 95 FD 8E 74 
2F 4A 96 89 38 09 D5 23 1A 2E 7E 9B 7B DB FA 9E 2: 2F 4A 96 89 38 09 D5 23 1A 2E 7E 9B 7B DB FA 9E 
80 04 7F F7 9B 9B 7D 16 E2 AD 9E 7B E3 8D C5 52 1: 8A 17 84 BE 07 80 FO 65 Fl 8B F8 34 36 78 AE D3 
5E 73 FA AB 81 AE FC 47 F1 CD 53 25 96 5B 55 E2 0: D3 31 FF 2A 70 9A 11 95 OB 84 FA 77 63 1B F3 A6 


Figure C-10: Node Key KN set of example Figure C-12: Node Key KN set of example 
Device ID 0x0000000005 Device ID 0x0000000007 
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System Description VCPS 
Video Content Protection System for the DVD+R/+RW Video Recording Format 





76 5C 6C 34 E8 73 82 2F OC 72 32 20 6F 4A 3F EF 
AC 38 BB 62 95 BF E8 B9 61 59 C8 55 EC F7 1B E2 
32 B9 ED 10 EF 8F 2F A2 BO A8 C9 65 EC CO FB 25 
58 83 38 0B 9F 2B B6 85 49 B9 79 71 87 2C 68 8B 
0C 24 03 92 39 56 83 66 00 3D 5E 24 F3 16 D9 31 
E6 94 A5 5E OC 24 CF 49 9D OB 67 3F 7A B5 9E 9A 
19 34 0D AE 9A CE 97 F4 B1 39 71 27 C8 OA 5A 28 
4E 39 AD 97 F2 7F OD 32 76 90 CO 40 6B 53 41 EE 
DC 43 32 B6 D3 AD E2 81 F7 93 76 OE AB 26 91 84 


76 5C 6C 34 E8 73 82 2F OC 72 32 20 6F 4A 3F EF 
AC 38 BB 62 95 BF E8 B9 61 59 C8 55 EC F7 1B E2 
32 B9 ED 10 EF 8F 2F A2 BO A8 C9 65 EC CO FB 25 
58 83 38 OB 9F 2B B6 85 49 B9 79 71 87 2C 68 8B 
0C 24 03 92 39 56 83 66 00 3D 5E 24 F3 16 D9 31 
E6 94 A5 5E 0C 24 CF 49 9D OB 67 3F 7A B5 9E 9A 
19 34 OD AE 9A CE 97 F4 B1 39 71 27 C8 OA 5A 28 
4E 39 AD 97 F2 7F OD 32 76 90 CO 40 6B 53 41 EE 
DC 43 32 B6 D3 AD E2 81 F7 93 76 OE AB 26 91 84 


Annex C Version 1.34 
39 6C 4A 76 B1 C7 7C D7 25 46 43 20 8F CD D6 FF 84 39 6C 4A 76 B1 C7 7C D7 25 46 43 20 8F CD D6 FF 84 
38 42 DC 8F 13 9B EO OF 10 C1 5F 85 E8 10 D3 E2 AF 38 42 DC 8F 13 9B EO OF 10 C1 5F 85 E8 10 D3 E2 AF 
37 C5 53 DO E6 95 05 7A 29 OA A3 2E A4 17 21 72 DF 37 C5 53 DO E6 95 05 7A 29 OA A3 2E A4 17 21 72 DF 
36 6D E8 F3 51 55 BF 68 3B FB A1 42 44 72 63 A2 AB 36 6D E8 F3 51 55 BF 68 3B FB A1 42 44 72 63 A2 AB 
35: DO DD 4B 6A 65 98 67 DD 5C FO 2A 58 AE 4E B7 6E 35 DO DD 4B 6A 65 98 67 DD 5C FO 2A 58 AE 4E B7 6E 
34: 31 FD 1A 05 E1 3D C3 C5 2E 05 49 4A 08 9B 74 24 34 31 FD 1A 05 E1 3D C3 C5 2E 05 49 4A 08 9B 74 24 
33% 1D A5 C6 84 9F 60 72 B9 63 C7 29 64 61 25 4F 9F 33 1D A5 C6 84 9F 60 72 B9 63 C7 29 64 61 25 4F OF 
32: D4 44 11 56 7B 83 DF D9 E8 32 92 7E 09 OB 06 4D 32 D4 44 11 56 7B 83 DF D9 E8 32 92 7E 09 OB 06 4D 
31: 71 EB FA 33 2E Bl 9C A9 66 3B 62 47 4D 1C 6E FB 31 71 EB FA 33 2E B1 9C A9 66 3B 62 47 4D 1C 6E FB 
30: 32 28 86 71 6A 04 9E 25 E4 06 85 1A 59 BE 03 48 30 32 28 86 71 6A 04 9E 25 E4 06 85 1A 59 BE 03 48 
293 AB 52 E3 A6 35 50 2A 5E AF CB C3 13 13 30 3B AC 29 AB 52 E3 A6 35 50 2A 5E AF CB C3 13 13 30 3B AC 
28 5B 08 60 BD D3 1B F4 75 92 EA D3 06 41 ED D7 69 28 5B 08 60 BD D3 1B F4 75 92 EA D3 06 41 ED D7 69 
27 65 95 50 70 2D 7E 06 E4 OA 4A 6D 63 CO OD D1 D4 27 65 95 50 70 2D 7E 06 E4 OA 4A 6D 63 CO OD D1 D4 
26 5F 4B 03 F3 A9 B7 19 26 5A 8A 55 DE CD 6D D3 OD 26 5F 4B 03 F3 A9 B7 19 26 5A 8A 55 DE CD 6D D3 OD 
25 95 62 B8 B9 A2 A2 1F 97 28 81 14 Fl 8A 1E 5A F2 25 95 62 B8 B9 A2 A2 1F 97 28 81 14 Fl 8A 1E 5A F2 
24 OC 7B 06 9C B5 DA 78 52 D5 46 2E CE BO E8 79 OA 24 OC 7B 06 9C B5 DA 78 52 D5 46 2E CE BO E8 79 OA 
234 76 4B 1D 41 89 3C 18 BB 1C ED E4 8A ED A2 93 E4 23 76 4B 1D 41 89 3C 18 BB 1C ED E4 8A ED A2 93 E4 
224 09 5A OE D8 6F 84 88 5C OD A3 F2 BO 24 19 FB 98 22 09 5A OE D8 6F 84 88 5C OD A3 F2 BO 24 19 FB 98 
21% 0D 55 29 OD 8A 8D 4F 0C 24 BD 44 5C D8 ED OF E3 21 OD 55 29 OD 8A 8D 4F 0C 24 BD 44 5C D8 ED OF E3 
20: 77 CE 43 C8 C6 D5 64 AA CD CA BA 34 Al FD F8 04 20 77 CE 43 C8 C6 D5 64 AA CD CA BA 34 Al FD F8 04 
3:93 05 31 74 DO EC 32 AF Al C7 05 45 F4 AA 7B 4E 7C 19 05 31 74 DO EC 32 AF Al C7 05 45 F4 AA 7B 4E 7C 

18 
17 
16 
15 
14 
13 
12 
11 
10 


brea 
CRNWAUDIBOCORNWHAUDIO 
o 


40 ED 34 B4 40 0C 39 37 B3 51 AD A4 1C AO C1 C8 40 ED 34 B4 40 0C 39 37 B3 51 AD A4 1C AO C1 C8 
1D El 5B 37 8D 59 EE F9 F1 72 2D 11 96 38 CE 00 8: 1D El 5B 37 8D 59 EE F9 Fl 72 2D 11 96 38 CE 00 
40 1B E3 95 4B D7 C1 74 E4 6D DE 01 13 EC 60 38 7: 40 1B E3 95 4B D7 C1 74 E4 6D DE 01 13 EC 60 38 
18 4A 04 14 4E B8 F8 F8 B4 60 47 3F FF 67 E4 EF 6: 18 4A 04 14 4E B8 F8 F8 B4 60 47 3F FF 67 E4 EF 
06 3E 06 98 55 8A 68 67 77 3B BB B9 B8 42 3A AF 5: 06 3E 06 98 55 8A 68 67 77 3B BB B9 B8 42 3A AF 
29 1C 00 C6 E9 CD 2E D2 66 9B BE 7D 53 BE 1D 83 4: 29 1C 00 C6 E9 CD 2E D2 66 9B BE 7D 53 BE 1D 83 
CB 22 FA 13 F3 16 41 67 C3 5E D3 CA 09 AA AE C6 3: CB 22 FA 13 F3 16 41 67 C3 5E D3 CA 09 AA AE C6 
85 38 4B CE E2 93 A5 EC 5D D7 19 B2 7F CB 05 E3 2: 85 38 4B CE E2 93 A5 EC 5D D7 19 B2 7F CB 05 E3 
29 69 B2 AD 97 OB EA FB 9E EA 9E C7 57 77 D2 DA 1: E4 DA 9A A4 A8 78 5A 63 E8 5C 39 B4 OD 8A E8 EC 
B8 AE 9E 8B E8 17 OB D6 8F 3D 4E B4 B8 3C 79 Al 0: 9C E4 69 8C AF A3 2D E8 4E 5D 41 9D FE B5 CC B4 


Figure C-13: Node Key KN set of example Figure C-15: Node Key KN set of example 
Device ID 0x0000000008 Device ID 0x000000000A 


39 6C 4A 76 B1 C7 7C D7 25 46 43 20 8F CD D6 FF 84 6C 4A 76 B1 C7 7C D7 25 46 43 20 8F CD D6 FF 84 
38 42 DC 8F 13 9B EO OF 10 Cl 5F 85 E8 10 D3 E2 AF 42 DC 8F 13 9B EO OF 10 Cl 5F 85 E8 10 D3 E2 AF 
37 C5 53 DO E6 95 05 7A 29 OA A3 2E A4 17 21 72 DF C5 53 DO E6 95 05 7A 29 OA A3 2E A4 17 21 72 DF 
36 6D E8 F3 51 55 BF 68 3B FB A1 42 44 72 63 A2 AB 6D E8 F3 51 55 BF 68 3B FB A1 42 44 72 63 A2 AB 
35: DO DD 4B 6A 65 98 67 DD 5C FO 2A 58 AE 4E B7 6E DO DD 4B 6A 65 98 67 DD 5C FO 2A 58 AE 4E B7 6E 
34: 31 FD 1A 05 El 3D C3 C5 2E 05 49 4A 08 9B 74 24 31 FD 1A 05 El 3D C3 C5 2E 05 49 4A 08 9B 74 24 
33: 1D A5 C6 84 9F 60 72 B9 63 C7 29 64 61 25 4F 9F 1D A5 C6 84 9F 60 72 B9 63 C7 29 64 61 25 4F 9F 
32: D4 44 11 56 7B 83 DF D9 E8 32 92 7E 09 OB 06 4D D4 44 11 56 7B 83 DF D9 E8 32 92 7E 09 OB 06 4D 
31: 71 EB FA 33 2E Bl 9C A9 66 3B 62 47 4D 1C 6E FB 71 EB FA 33 2E Bl 9C A9 66 3B 62 47 4D 1C 6E FB 
30: 32 28 86 71 6A 04 9E 25 E4 06 85 1A 59 BE 03 48 32 28 86 71 6A 04 9E 25 E4 06 85 1A 59 BE 03 48 
29: AB 52 E3 A6 35 50 2A 5E AF CB C3 13 13 30 3B AC AB 52 E3 A6 35 50 2A 5E AF CB C3 13 13 30 3B AC 
28 5B 08 60 BD D3 1B F4 75 92 EA D3 06 41 ED D7 69 5B 08 60 BD D3 1B F4 75 92 EA D3 06 41 ED D7 69 
27 65 95 50 70 2D 7E 06 E4 OA 4A 6D 63 CO OD D1 D4 65 95 50 70 2D 7E 06 E4 OA 4A 6D 63 CO OD D1 D4 
26 5F 4B 03 F3 A9 B7 19 26 5A 8A 55 DE CD 6D D3 OD 5F 4B 03 F3 A9 B7 19 26 5A 8A 55 DE CD 6D D3 OD 
25 95 62 B8 B9 A2 A2 1F 97 28 81 14 Fl 8A 1E 5A F2 95 62 B8 B9 A2 A2 1F 97 28 81 14 Fl 8A 1E 5A F2 
24 OC 7B 06 9C B5 DA 78 52 D5 46 2E CE BO E8 79 OA OC 7B 06 9C B5 DA 78 52 D5 46 2E CE BO E8 79 OA 
23 76 4B 1D 41 89 3C 18 BB 1C ED E4 8A ED A2 93 E4 76 4B 1D 41 89 3C 18 BB 1C ED E4 8A ED A2 93 E4 


09 5A OE D8 6F 84 88 5C OD A3 F2 BO 24 19 FB 98 
0D 55 29 0D 8A 8D 4F OC 24 BD 44 5C D8 ED OF E3 
77 CE 43 C8 C6 D5 64 AA CD CA BA 34 Al FD F8 04 
05 31 74 DO EC 32 AF Al C7 05 45 F4 AA 7B 4E 7C 
76 5C 6C 34 E8 73 82 2F OC 72 32 20 6F 4A 3F EF 
AC 38 BB 62 95 BF E8 B9 61 59 C8 55 EC F7 1B E2 
32 B9 ED 10 EF 8F 2F A2 BO A8 C9 65 EC CO FB 25 
58 83 38 0B 9F 2B B6 85 49 B9 79 71 87 2C 68 8B 
OC 24 03 92 39 56 83 66 00 3D 5E 24 F3 16 D9 31 
E6 94 A5 5E OC 24 CF 49 9D OB 67 3F 7A B5 9E 9A 
19 34 OD AE 9A CE 97 F4 Bl 39 71 27 C8 OA 5A 28 
4E 39 AD 97 F2 7F OD 32 76 90 CO 40 6B 53 41 EE 
DC 43 32 B6 D3 AD E2 81 F7 93 76 OE AB 26 91 84 


09 5A OE D8 6F 84 88 5C OD A3 F2 BO 24 19 FB 98 
OD 55 29 OD 8A 8D 4F OC 24 BD 44 5C D8 ED OF E3 
77 CE 43 C8 C6 D5 64 AA CD CA BA 34 Al FD F8 04 
05 31 74 DO EC 32 AF Al C7 05 45 F4 AA 7B 4E 7C 
76 5C 6C 34 E8 73 82 2F OC 72 32 20 6F 4A 3F EF 
AC 38 BB 62 95 BF E8 B9 61 59 C8 55 EC F7 1B E2 
32 B9 ED 10 EF 8F 2F A2 BO A8 C9 65 EC CO FB 25 
58 83 38 OB 9F 2B B6 85 49 B9 79 71 87 2C 68 8B 
OC 24 03 92 39 56 83 66 00 3D 5E 24 F3 16 D9 31 
E6 94 A5 5E 0C 24 CF 49 9D OB 67 3F 7A B5 9E 9A 
19 34 0D AE 9A CE 97 F4 B1 39 71 27 C8 OA 5A 28 
4E 39 AD 97 F2 7F OD 32 76 90 CO 40 6B 53 41 EE 
DC 43 32 B6 D3 AD E2 81 F7 93 76 OE AB 26 91 84 


kj pop PRP RPE ppp NN IN NI IN NUN I I9 ( WUWU 0 UO 0 WWW Ww 
O P M Q i5 O1 O0 -1 O io O P I () BUONO i0 O IB. 9 Q «S OI Os -1 00 (o 


PRPRRPRRPRERRANNN» 
SCRPNWHUDAIBOCHNWAUDAITOAXOORN 
o 


40 ED 34 B4 40 0C 39 37 B3 51 AD A4 1C AO C1 C8 40 ED 34 B4 40 0C 39 37 B3 51 AD A4 1C AO C1 C8 
1D El 5B 37 8D 59 EE F9 F1 72 2D 11 96 38 CE 00 8: 1D El 5B 37 8D 59 EE F9 Fl 72 2D 11 96 38 CE 00 
40 1B E3 95 4B D7 C1 74 E4 6D DE 01 13 EC 60 38 7: 40 1B E3 95 4B D7 Cl 74 E4 6D DE 01 13 EC 60 38 
18 4A 04 14 4E B8 F8 F8 B4 60 47 3F FF 67 E4 EF 6: 18 4A 04 14 4E B8 F8 F8 B4 60 47 3F FF 67 E4 EF 
06 3E 06 98 55 8A 68 67 77 3B BB B9 B8 42 3A AF 5: 06 3E 06 98 55 8A 68 67 77 3B BB B9 B8 42 3A AF 
29 1C 00 C6 E9 CD 2E D2 66 9B BE 7D 53 BE 1D 83 4: 29 1C 00 C6 E9 CD 2E D2 66 9B BE 7D 53 BE 1D 83 
CB 22 FA 13 F3 16 41 67 C3 5E D3 CA 09 AA AE C6 3: CB 22 FA 13 F3 16 41 67 C3 5E D3 CA 09 AA AE C6 
85 38 4B CE E2 93 A5 EC 5D D7 19 B2 7F CB 05 E3 2: 85 38 4B CE E2 93 A5 EC 5D D7 19 B2 7F CB 05 E3 
29 69 B2 AD 97 0B EA FB 9E EA 9E C7 57 77 D2 DA 1: E4 DA 9A A4 A8 78 5A 63 E8 5C 39 B4 OD 8A E8 EC 
A2 60 C2 EC 06 29 CC 30 91 EB 2A F5 F9 5B 36 DO 0: A7 D8 28 3A B2 C6 6E 58 B6 4D B7 45 10 CE 70 32 


Figure C-14: Node Key KN set of example Figure C-16: Node Key KN set of example 
Device ID 0x0000000009 Device ID 0x000000000B 
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Video Content Protection System for the DVD+R/+RW Video Recording Format 


System Description VCPS 


Version 1.34 Annex C 
39 6C 4A 76 B1 C7 7C D7 25 46 43 20 8F CD D6 FF 84 39 6C 4A 76 B1 C7 7C D7 25 46 43 20 8F CD D6 FF 84 
38 42 DC 8F 13 9B EO OF 10 C1 5F 85 E8 10 D3 E2 AF 38 42 DC 8F 13 9B EO OF 10 C1 5F 85 E8 10 D3 E2 AF 
37 C5 53 DO E6 95 05 7A 29 OA A3 2E A4 17 21 72 DF 37 C5 53 DO E6 95 05 7A 29 OA A3 2E A4 17 21 72 DF 
36 6D E8 F3 51 55 BF 68 3B FB A1 42 44 72 63 A2 AB 36 6D E8 F3 51 55 BF 68 3B FB A1 42 44 72 63 A2 AB 
35: DO DD 4B 6A 65 98 67 DD 5C FO 2A 58 AE 4E B7 6E 35 DO DD 4B 6A 65 98 67 DD 5C FO 2A 58 AE 4E B7 6E 
34: 31 FD 1A 05 E1 3D C3 C5 2E 05 49 4A 08 9B 74 24 34 31 FD 1A 05 E1 3D C3 C5 2E 05 49 4A 08 9B 74 24 
33% 1D A5 C6 84 9F 60 72 B9 63 C7 29 64 61 25 4F 9F 33 1D A5 C6 84 9F 60 72 B9 63 C7 29 64 61 25 4F OF 
32: D4 44 11 56 7B 83 DF D9 E8 32 92 7E 09 OB 06 4D 32 D4 44 11 56 7B 83 DF D9 E8 32 92 7E 09 OB 06 4D 
31: 71 EB FA 33 2E Bl 9C A9 66 3B 62 47 4D 1C 6E FB 31 71 EB FA 33 2E B1 9C A9 66 3B 62 47 4D 1C 6E FB 
30: 32 28 86 71 6A 04 9E 25 E4 06 85 1A 59 BE 03 48 30 32 28 86 71 6A 04 9E 25 E4 06 85 1A 59 BE 03 48 
293 AB 52 E3 A6 35 50 2A 5E AF CB C3 13 13 30 3B AC 29 AB 52 E3 A6 35 50 2A 5E AF CB C3 13 13 30 3B AC 
28 5B 08 60 BD D3 1B F4 75 92 EA D3 06 41 ED D7 69 28 5B 08 60 BD D3 1B F4 75 92 EA D3 06 41 ED D7 69 
27 65 95 50 70 2D 7E 06 E4 OA 4A 6D 63 CO OD D1 D4 27 65 95 50 70 2D 7E 06 E4 OA 4A 6D 63 CO OD D1 D4 
26 5F 4B 03 F3 A9 B7 19 26 5A 8A 55 DE CD 6D D3 OD 26 5F 4B 03 F3 A9 B7 19 26 5A 8A 55 DE CD 6D D3 OD 
25 95 62 B8 B9 A2 A2 1F 97 28 81 14 Fl 8A 1E 5A F2 25 95 62 B8 B9 A2 A2 1F 97 28 81 14 Fl 8A 1E 5A F2 
24 OC 7B 06 9C B5 DA 78 52 D5 46 2E CE BO E8 79 OA 24 OC 7B 06 9C B5 DA 78 52 D5 46 2E CE BO E8 79 OA 
234 76 4B 1D 41 89 3C 18 BB 1C ED E4 8A ED A2 93 E4 23 76 4B 1D 41 89 3C 18 BB 1C ED E4 8A ED A2 93 E4 
224 09 5A OE D8 6F 84 88 5C OD A3 F2 BO 24 19 FB 98 22 09 5A OE D8 6F 84 88 5C OD A3 F2 BO 24 19 FB 98 
21% 0D 55 29 OD 8A 8D 4F 0C 24 BD 44 5C D8 ED OF E3 21 OD 55 29 OD 8A 8D 4F 0C 24 BD 44 5C D8 ED OF E3 
20: 77 CE 43 C8 C6 D5 64 AA CD CA BA 34 Al FD F8 04 20 77 CE 43 C8 C6 D5 64 AA CD CA BA 34 Al FD F8 04 
3:93 05 31 74 DO EC 32 AF Al C7 05 45 F4 AA 7B 4E 7C 19 05 31 74 DO EC 32 AF Al C7 05 45 F4 AA 7B 4E 7C 
18: 76 5C 6C 34 E8 73 82 2F OC 72 32 20 6F 4A 3F EF 18 76 5C 6C 34 E8 73 82 2F OC 72 32 20 6F 4A 3F EF 
17; AC 38 BB 62 95 BF E8 B9 61 59 C8 55 EC F7 1B E2 17 AC 38 BB 62 95 BF E8 B9 61 59 C8 55 EC F7 1B E2 
16: 32 B9 ED 10 EF 8F 2F A2 BO A8 C9 65 EC CO FB 25 16 32 B9 ED 10 EF 8F 2F A2 BO A8 C9 65 EC CO FB 25 
I5: 58 83 38 OB 9F 2B B6 85 49 B9 79 71 87 2C 68 8B 15 58 83 38 OB 9F 2B B6 85 49 B9 79 71 87 2C 68 8B 
14: Oc 24 03 92 39 56 83 66 00 3D 5E 24 F3 16 D9 31 14 OC 24 03 92 39 56 83 66 00 3D 5E 24 F3 16 DY 31 
13+ E6 94 A5 5E OC 24 CF 49 9D OB 67 3F 7A B5 9E 9A 13 E6 94 A5 5E 0C 24 CF 49 9D OB 67 3F 7A B5 9E 9A 
12: 19 34 OD AE 9A CE 97 F4 B1 39 71 27 C8 OA 5A 28 12 19 34 OD AE 9A CE 97 F4 B1 39 71 27 C8 OA 5A 28 
11: 4E 39 AD 97 F2 7F OD 32 76 90 CO 40 6B 53 41 EE 11 4E 39 AD 97 F2 7F OD 32 76 90 CO 40 6B 53 41 EE 
I0: DC 43 32 B6 D3 AD E2 81 F7 93 76 OE AB 26 91 84 10: DC 43 32 B6 D3 AD E2 81 F7 93 76 OE AB 26 91 84 

Ore 40 ED 34 B4 40 OC 39 37 B3 51 AD A4 1C AO C1 C8 ioe 40 ED 34 B4 40 0C 39 37 B3 51 AD A4 1C AO C1 C8 
8: 1D El 5B 37 8D 59 EE F9 F1 72 2D 11 96 38 CE 00 8: 1D El 5B 37 8D 59 EE F9 F1 72 2D 11 96 38 CE 00 
Té 40 1B E3 95 4B D7 C1 74 E4 6D DE 01 13 EC 60 38 7: 40 1B E3 95 4B D7 Cl 74 E4 6D DE 01 13 EC 60 38 
6: 18 4A 04 14 4E B8 F8 F8 B4 60 47 3F FF 67 E4 EF 6: 18 4A 04 14 4E B8 F8 F8 B4 60 47 3F FF 67 E4 EF 
52 06 3E 06 98 55 8A 68 67 77 3B BB B9 B8 42 3A AF 54 06 3E 06 98 55 8A 68 67 77 3B BB B9 B8 42 3A AF 
4: 29 1C 00 C6 E9 CD 2E D2 66 9B BE 7D 53 BE 1D 83 4: 29 1C 00 C6 E9 CD 2E D2 66 9B BE 7D 53 BE 1D 83 
Be CB 22 FA 13 F3 16 41 67 C3 5E D3 CA 09 AA AE C6 35 CB 22 FA 13 F3 16 41 67 C3 5E D3 CA 09 AA AE C6 
2: 40 6E A5 97 6C 21 F2 CF F3 2F 76 95 64 5D F5 OC 23 40 6E A5 97 6C 21 F2 CF F3 2F 76 95 64 5D F5 OC 
1: 08 B5 8D E9 E5 D2 10 96 8E BB E2 1B 96 69 AO FY 13 86 59 78 D3 0E EC 12 91 AA CA 96 5D A9 AA BE 3E 
0: 9D 67 DB FD 96 98 18 E3 34 16 76 2A 8A 44 FB 97 0: 51 F1 D1 8B 8D C4 1D 28 F4 DA 3E 43 11 60 84 4F 


Figure C-17: Node Key KN set of example 


39 6c 
38 42 
37 C5 
36 6D 
35: DO 
34: 31 
333) > LD 
32: D4 
31: 71 
30: 32 
29: AB 
28 5B 
27 65 
26 5F 
25 95 
24 oc 
23: 76 
22: 09 
21: OD 
20: 77 
19: 05 
18: 76 
17: AC 
16: 32 
153. 58 
14: OC 
13: E6 
12: 19 
11: 4E 
10: DC 
9: 40 
8: 1D 
7: 40 
6: 18 
5: 06 
4: 29 
3: CB 
2: 40 
1: 08 
0: 9D 


Figure C-18: Node Key KN set of example 
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4A 
DC 
53 
E8 
DD 
FD 
A5 
44 
EB 
28 
52 
08 
95 
4B 
62 
7B 
4B 
5A 
55 
CE 
31 
5C 
38 
B9 
83 
24 
94 
34 
39 
43 
ED 
El 
1B 
4A 
3E 
1c 
22 
6E 
B5 
67 


Device ID 0x000000000C 


76 
8F 
DO 
F3 
4B 
1A 
C6 
11 
FA 
86 
E3 
60 
50 
03 
B8 
06 
1D 
OE 
29 
43 
74 
6C 
BB 
ED 
38 
03 
A5 
0D 
AD 
32 
34 
5B 
E3 
04 
06 
00 
FA 
A5 
8D 
DB 


B1 
13 
E6 
51 
6A 
05 
84 
56 
33 
ESL 
A6 
BD 
70 
F3 
B9 
9c 
41 
D8 
0D 
C8 
DO 
34 
62 
10 
0B 
92 
5E 
AE 
97 
B6 
B4 
37 
95 
14 
98 
C6 
13 
97 
E9 
FD 


C7 
9B 
95 
55 
65 
El 
oF 
7B 
2E 
6A 
35 
D3 
2D 
A9 
A2 
B5 
89 
6F 
8A 
C6 
EC 
E8 
95 
EF 
9F 
39 
oc 
9A 
F2 
D3 
40 
8D 
4B 
4E 
55 
E9 
F3 
6C 
E5 
96 


7C 
EO 
05 
BF 
98 
3D 
60 
83 
B1 
04 
50 
1B 
TE 
B7 
A2 
DA 
3c 
84 
8D 
D5 
32 
73 
BF 
8F 
2B 
56 
24 
CE 
7F 
AD 
oc 
59 
D7 
B8 
8A 
CD 
16 
21 
D2 
98 


D7 
OF 
7A 
68 
67 
C3 
72 
DF 
9c 
9E 
2A 
F4 
06 
19 
TE. 
78 
18 
88 
4F 
64 
AF 
82 
E8 
2F 
B6 
83 
CF 
9 
0D 
E2 
39 
EE 
c1 
F8 
68 
2E 
41 
F2 
10 
18 


25 
10 
29 
3B 
DD 
c5 
B9 
D9 
A9 
25 
5E 
75 
E4 
26 
97 
52 
BB 
5C 
oc 
AA 
Al 
2F 
B9 
A2 
85 
66 
49 
F4 
32 
81 
37 
F9 
74 
F8 
67 
D2 
67 
CF 
96 
E3 


46 
cl 
0A 
FB 
5C 
2E 
63 
E8 
66 
E4 
AF 
92 
OA 
5A 
28 
D5 
1c 
0D 
24 
CD 
C7 
oc 
61 
BO 
49 
00 
9D 
Bl 
76 
F7 
B3 
Fl 
E4 
B4 
77 
66 
c3 
E 
8E 
34 


43 
SF 
A3 
Al 
FO 
05 
C7 
32 
3B 
06 
CB 
EA 
4A 
8A 
81 
46 
ED 
A3 
BD 
CA 
05 
72 
59 
A8 
B9 
3D 
0B 
39 
90 
93 
51 
72 
6D 
60 
3B 
9B 
5E 
2F 
BB 
16 


20 
85 
2E 
42 
2A 
49 
29 
92 
62 
85 
c3 
D3 
6D 
55 
14 
2E 
E4 
F2 
44 
BA 
45 
32 
C8 
c9 
79 
DE 
67 
71 
co 
76 
AD 
2D 
DE 
47 
BB 
BE 
D3 
76 
E2 
76 


8F 
E8 
A4 
44 
58 
4A 
64 
7E 
47 
1A 
13 
06 
63 
DE 
Fl 
CE 
8A 
BO 
5C 
34 
F4 
20 
55 
65 
71 
24 
3F 
27 
40 
OE 
A4 
11 
01 
3F 
B9 
7D 
CA 
95 
1B 
2A 


Device ID 0x000000000D 


FE 
E2 
72 
A2 
B7 
74 
4F 
06 
6E 
03 
3B 
D7 
D1 
D3 
5A 
79 
93, 
FB 
OF 
F8 
4E 
3F 
1B 
FB 
68 
D9 
9E 
5A 
41 
91 
cl 
CE 
60 
E4 
3A 
1D 
AE 
F5 
AO 
FB 


84 
AF 
DF 
AB 
6E 
24 
9F 
4D 
FB 
48 
AC 
69 
D4 
OD 
F2 
0A 
E4 
98 
E3 
04 
7C 
EF 
E2 
25 
8B 
31 
9A 
28 
EE 
84 
C8 
00 
38 
EF 
AF 
83 
C6 
oc 
F9 
97 


Figure C-19: Node Key KN set of example 
Device ID 0x000000000E 


39 6C 
38 42 
37 cs 
36 6D 
35 DO 
34 31 
33 1D 
32 D4 
31 71 
30 32 
29 AB 
28 5B 
27 65 
26 5F 
25 95 
24 oc 
23 76 
22 09 
21 OD 
20 77 
19 05 
18 76 
17 AC 
16 32 
15 58 
14 oc 
13 E6 
12 19 
11 4E 
10: DC 
9: 40 
8: 1D 
7: 40 
6: 18 
5: 06 
4: 29 
3: CB 
2: 40 
1: 86 
0: 51 


4A 
DC 
53 
E8 
DD 
FD 
AS 
44 
EB 
28 
52 
08 
95 
4B 
62 
7B 
4B 
SA 
55 
CE 
31 
5C 
38 
B9 
83 
24 
94 
34 
39 
43 
ED 
El 
1B 
4A 
3E 
1c 
22 
6E 
59 
DC 


76 
8F 
DO 
F3 
4B 
1A 
C6 
11 
FA 
86 
E3 
60 
50 
03 
B8 
06 
1D 
OE 
29 
43 
74 
6C 
BB 
ED 
38 
03 
AS 
OD 
AD 
32 
34 
5B 
E3 
04 
06 
00 
FA 
A5 
78 
Fl 


C7 
9B 
95 
55 
65 
El 
9r 
7B 
2E 
6A 
35 
D3 
2D 
A9 
A2 
B5 
89 
6F 
8A 
C6 
EC 
E8 
95 
EF 
9r 
39 
oc 
9A 
F2 
D3 
40 
8D 
4B 
4E 
55 
E9 
F3 
6C 
OE 
BO 


7C 
EO 
05 
BF 
98 
3D 
60 
83 
B1 
04 
50 
1B 
7E 
B7 
A2 
DA 
3c 
84 
8D 
D5 
32 
TS 
BF 
8F 
2B 
56 
24 
CE 
TE 
AD 
oc 
59 
D7 
B8 
8A 
cD 
16 
21 
EC 
BO 


D7 
OF 
7A 
68 
67 
c3 
72 
DF 
9c 
9E 
2A 
F4 
06 
49 
1F 
78 
18 
88 
4F 
64 
AF 
82 
E8 
2F 
B6 
83 
CF 
97 
OD 
E2 
39 
EE 
cl 
F8 
68 
2E 
41 
F2 
12 
E9 


43 
SF 
A3 
Al 
FO 
05 
C7 
32 
3B 
06 
CB 
EA 
4A 
8A 
81 
46 
ED 
A3 
BD 
CA 
05 
72 
59 
A8 
B9 
3D 
0B 
39 
90 
93 
51 
72 
6D 
60 
3B 
9B 
5E 
2F 
CA 
45 


20 
85 
2E 
42 
2A 
49 
29 
92 
62 
85 
c3 
D3 
6D 
55 
14 
2E 
E4 
F2 
44 
BA 
45 
32 
C8 
c9 
79 
5E 
67 
71 
co 
76 
AD 
2D 
DE 
47 
BB 
BE 
D3 
76 
96 
6A 


8F 
E8 
A4 
44 
58 
4A 
64 
7E 
47 
1A 
13 
06 
63 
DE 
EL 
CE 
8A 
BO 
5c 
34 
F4 
20 
55 
65 
du 
24 
3F 
27 
40 
OE 
A4 
BRE 
01 
3F 
B9 
7D 
CA 
95 
5D 
87 


FF 
E2 
72 
A2 
B7 
74 
4F 
06 
6E 
03 
3B 
D7 
D1 
D3 
5A 
79 
93 
FB 
OF 
F8 
4E 
3F 
1B 
FB 
68 
D9 
9E 
5A 
41 
91 
C1 
CE 
60 
E4 
3A 
1D 
AE 
FS 
BE 
CF 


84 
AF 
DF 
AB 
6E 
24 
9r 
4D 
FB 
48 
AC 
69 
D4 
OD 
F2 
0A 
E4 
98 
E3 
04 
7C 
EF 
E2 
25 
8B 
31 
9A 
28 
EE 
84 
C8 
00 
38 
EF 
AF 
83 
C6 
oc 
3E 
AB 


Figure C-20: Node Key KN set of example 
Device ID 0x000000000F 
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Figure C-21 shows the relevant Node Keys KN of Devices 0x0000000010 through OxFFFFFFFFFF 
used to create the example EKBs in Annex C.1 and Annex C.2. All numbers are in hexadecimal 
notation. The first column shows a Device ID range; the second column shows the Device ID bit 
position that is relevant for the Device ID range; the third column shows the Node Key KN that is 
associated with the relevant bit position. 


Device ID range Bit Position Associated Node Key 
8000000000... FFFFFFFFFF 39 OE 9D 39 D2 38 2A 81 E6 B9 06 C6 44 59 50 1A CO 
4000000000..7FFFFFFFFF 38 84 A2 87 F1 6C 73 05 01 FE DF 4A DO 71 D6 5A 55 
2000000000..3FFFFFFFFF 37. 3F BA DB C1 DO 11 D6 OF 41 B6 7C B5 D9 75 9B 3E 
1000000000..1FFFFFFFFF 36 F6 4F 67 Cl 1F C5 DF DD 3B 62 5D 3A 62 DD 66 81 
0800000000..0FFFFFFFFF 35 93 E9 OB 34 EB AO 77 9F B4 61 CC 77 7B 05 76 D4 
0400000000..07FFFFFFFF 34 D2 90 9C 11 69 DD 63 B9 B2 70 3B A7 4D AC 7A 06 
0200000000..03FFFFFFFF 33 A4 B2 5A 8E AB B3 OA F1 30 26 D3 Al 32 8F A2 4F 
0100000000..01FFFFFFFF 32 BB A8 OF FC E8 Al BO 95 5A 9B 3D 00 6F E7 02 26 
0080000000..00FFFFFFFF 31 E6 5F 6C FC 2C B1 CO 6B 79 5B FD 44 33 1A 69 34 
0040000000..007FFFFFFF 30 1D 6D BO B6 6E 2D 45 02 27 63 86 36 AB B5 3F 17 
0020000000..003FFFFFFF 29 32 93 F5 D9 5E 76 71 F5 D5 4F 61 53 AC C2 51 54 
0010000000..001FFFFFFF 28 60 F2 8A 57 E2 A2 3C 32 BB 2A CC F7 13 00 41 CC 
0008000000..000FFFFFFF 27 A9 B8 BB 7F 90 5A 50 34 FC 88 16 4F 7E 51 BC 76 
0004000000..0007FFFFFF 26 OF 4F B4 DD C3 DE 42 57 OA 80 39 72 74 EB E7 CD 
0002000000..0003FFFFFF 25 55 0A 64 BF 24 BC B9 28 13 7C BA 76 22 2F 99 DD 
0001000000..0001FFFFFF 24 46 33 D7 8E CB EF D6 DA 93 5C C3 92 DO A7 6F 66 
0000800000..0000FFFFFF 23 75 08 F0 16 OD B4 12 36 CC B8 7E 51 24 AE F7 DB 
0000400000..00007FFFFF 22 92 El OB F6 DB 1E 73 D6 35 B4 FO 4D 83 D2 27 99 
0000200000..00003FFFFF 21 B5 Fl D7 FF DA 45 D2 F9 CA 83 BO F4 04 78 BD 82 
0000100000..00001FFFFF 20 EA 06 Fl EB EO 08 FD El 93 A6 03 50 F5 4E BC D9 
0000080000..00000FFFFF 19 E7 13 18 65 87 4B AC 90 53 B6 15 4C 27 7E 83 B3 
0000040000..000007FFFF 18 03 C4 B7 10 1B E5 F6 AE 54 2F 97 CD D5 B2 3A 61 
0000020000..000003FFFF 17 27 16 85 4C B1 17 2D 99 37 BA DC E4 27 4B 08 27 
0000010000..000001FFFF 16 46 02 99 C8 AF OD FF 8B D4 CB 34 FC 35 DE 6D 53 
0000008000..000000FFFF 15 33 41 23 3E DC CC 85 AC 45 3C 8A 3E A2 3F 9B 10 
0000004000..0000007FFF 14 78 93 A8 34 A9 33 AE 07 DD 42 B1 97 89 90 34 23 
0000002000..0000003FFF 13 53 11 DF 92 9F A3 81 8B 66 1C 70 B5 38 A8 90 A7 
0000001000..0000001FFF 12 91 6C D9 79 25 3D DD A7 6B 31 05 42 E8 97 81 29 
0000000800..0000000FFF 11 99 90 19 02 A3 C9 FE C6 32 95 5A 6A 86 D5 97 F8 
0000000400..00000007FF 10 AB 59 F8 01 09 C6 26 EE 4C El 86 BC BA Cl AO D3 
0000000200..00000003FF 9 FE 49 9E D9 3A ED 06 2F 4E F7 25 97 94 64 DA B7 


0000000100..00000001FF 
0000000080..00000000FF 
0000000040..000000007F 
0000000020..000000003F 
0000000010..000000001F 


E3 14 6D B6 69 2B 3E 7C 3E CO 63 59 34 D5 9B E2 
65 E4 5A DO BE 04 5E BF 72 C1 12 11 44 FO 20 F3 
DD 99 13 A9 29 73 A5 94 CA 85 FC 65 E3 13 DE 38 
33 8D CE 4B 79 ED EA 6A A3 OF 13 49 64 A4 A7 17 
44 D7 36 51 5D 92 77 D1 FB ED EF 82 61 3E D2 A6 


Ul Oo - 0 


Figure C-21: Additional Node Keys KN used to construct the example EKBs 


Note that none of the Node Keys KN and Root Keys KR given in this Annex C will be usable for 
purposes other than decoding the example EKB #1 and example EKB #2. 


MM © Royal Philips Electronics, April 2006 


System Description VCPS 
Video Content Protection System for the DVD+R/+RW Video Recording Format 
Version 1.34 Annex D 


AnnexD Summary of start-up sequence (informative) 


D.1 Recorder start-up sequence 


Figure D-1 shows a summary of the actions that a Recorder must perform to start making a Protected 
Video Recording on a Disc. First, the Recorder must check if the disc supports Protected Video 
Recordings using the VCPS bit (bit 6 in byte 16 of the Physical Format Information in the ADIP). If that 
is not the case, the Recorder must notify the user that a Protected Video Recording cannot be made. 
Otherwise, the Recorder must check if a DKB is stored in Buffer Zone 2. If that is the case, the 
Recorder must retrieve the DKB and the Unique ID. For this purpose, a Recorder that consists of a 
Drive/Host combination must execute the authentication protocol specified in Section 7. Next, the 
Recorder must check if the DKB that is stored in Buffer Zone 2 is consistent with the DKB hash value 
that is stored in the ADIP. If that is the case, the Recorder can retrieve the encrypted Unique Key KU 
from the Disc (stored either in the file VIDEO _RM.IFO or in the file VIDEO RK.IFO) and start making 
the Protected Video Recording. Otherwise, the Recorder must randomly generate a new Unique Key 
KU, and store the new Unique Key on the Disc. The Recorder may start making the Protected Video 
Recording prior to storing an encrypted copy of the Unique Key KU on the Disc. 

If the DKB is not stored in Buffer Zone 2, the Recorder must check if the Disc is either a DVD+RW 
Disc, or a DVD+R Disc on which Buffer Zone 2 has not been recorded yet. If that is not the case, the 
Recorder must notify the user that a Protected Video Recording cannot be made. Otherwise, the 
Recorder must randomly generate both a new Unique Key KU and a new Unique ID, retrieve the DKB 
from either the ADIP or the Initial Zone, store the DKB and the Unique ID in Buffer Zone 2, and store 
an encrypted copy of the Unique Key KU on the Disc. Prior to encrypting KU, a Recorder that consists 
of a Drive/Host combination must execute the authentication protocol specified in Section 7. Note that 
the Recorder may retrieve the DKB from the ADIP while making the Protected Video Recording. 

Note that in case the Recorder consists of a Drive/Host combination, the Host initiates all actions 
shown in Figure D-1 using one or more Drive commands. As an exception, the Drive may 
autonomously perform the action “Collect DKB (while recording)” (e.g. as a background process). 


Retrieve media [ Retrieve media type & format status ] & format status 


no | Abort: Protected Video Recording EROR 
is not possible 


Retrieve DKB information 





















DKB stored in 
ADIP? 















Generate new Unique Key KU Generate new Unique Key KU 
Start Protected Video Recording Start Protected Video Recording 


Y 
Collect DKB (while recording) 


Generate Unique ID 



























































Retrieve DKB Retrieve DKB & copy to Buffer Zone 2 
l pass E 
| Retrieve Unique ID | E Retrieve Unique ID 
y 
E DIRE. no} Abort: Protected Video Recording 
consistent with hash an] 
in ADIP? P 








Retrieve Unique Key KU from Disc 
Start Protected Video Recording 





Store Unique Key KU on Disc 
Continue Protected Video Recording 


Figure D-1: Flow chart of Recorder start-up sequence 
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D.2 Player start-up sequence 


Figure D-2 shows a summary of the actions that a Player must perform to render a Protected Video 
recording from a Disc. First, the Player must check that the Disc contains Protected Video Recordings. 
Next, the Player must ensure that Buffer Zone 2 contains the DKB, and subsequently the Player must 
retrieve the DKB and the Unique ID. For this purpose, a Player that consists of a Drive/Host 
combination must execute the authentication protocol specified in Section 7. For this purpose, a Drive 
can recognize a Disc from the VCPS bits (bit 5 and bit 6 in byte 16 of the Physical Format Information 
in the Control Data Zone). Finally, the Player can retrieve the encrypted Unique Key KU from the 
Disc, and start rendering the Protected Video Recording. 

Note that in case the Recorder consists of a Drive/Host combination, the Host initiates all actions 
shown in Figure D-2 using one or more Drive commands. 





Retrieve media type & format status 


























Retrieve DKB 


A. Authenticate 


| pass 


Retrieve Unique ID 


| 


| Retrieve KU from Disc 








eem» Abort: playback is not permitted 























Start playback 





Figure D-2: Flow chart of Player start-up sequence 





14 Note that Protected Video Recordings may also occur on read-only media. A Drive can recognize 
such media from bit 5 in byte 16 of the physical format information, which in that case shall be set to 
‘1’. This is an extension to [DVD-ROM], Section 3.4.1.3.1, Physical format information. 
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AnnexE Drive commands (informative) 


This Annex E describes a command set, which a Host and a Drive can use, amongst others, to 
execute the authentication protocol defined in Section 7.5 The described commands are an extension 
to [MMC-4]. Note that this Annex E is provided for informational purposes only. Definitive 
standardization of a command set that is required to implement the System Description VCPS in a 
Player or Recorder that consists of a Drive/Host combination will be carried out by the MMC 
committee. 


E.1 VCPS feature 


The VCPS feature specifies the capability of the Drive to process the data structures on a 
DVD+R/+RW disc that are specified in this System Description VCPS. The VCPS feature shall be 
current only if a Disc is present. A Drive can recognize a Disc from bit 6 in byte 16 of the Physical 
Format Information in the ADIP and/or from bit 5 and bit 6 in byte 16 of the Physical Format 
Information in the Control Data Zone.***” The VCPS feature descriptor is shown in Table E-1. 


(msb) 


Feature Code (lsb) 














Reserved Version Persistent | Current 





Additional Length 





Reserved 





Table E-1: VCPS feature descriptor 
Feature Code. The Feature Code shall be set to 0x0110. 


Reserved. All reserved bits shall be set to ‘0’. All reserved bytes shall be set to 0x00. 
Version. The version field shall be set to 0. 


Persistent. The Persistent bit shall be set to ‘0’, indicating that the VCPS feature may change its 
current status. 


Current. If the Current bit is set to '0', the VCPS feature is not currently active, and certain feature 
dependent data may not be valid. If the Current bit is set to '1', a Disc is present and the feature 
dependent data is valid. See also Table E-2. 


Additional Length. Additional Length shall be set to 4. 





1 A hardware Application and a Drive can also use the command set described in this Annex E. 
Throughout this Annex E, any reference to "Host" may be assumed to implicitly include a reference to 
"hardware Application." 

1% The VCPS feature shall also be current if read-only DVD media are mounted, which contains 
Protected Video Recordings. A Drive can recognize such media from bit 5 in byte 16 of the physical 
format information, which in that case shall be set to ‘1’. This is an extension to [DVD-ROM], Section 
3.4.1.3.1, Physical format information. 

Note that a Drive may have to inspect Buffer Zone 2 as well, in case of a DVD+R Disc with a first 
session that is either open or has been closed by a recorder that is not designed to handle VCPS. 
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Currently 2 
mounted Comments VCPS bits ee 


media Bit 6 Bit 5 
DVD+RW | Use VCPS bits in Physical Format Information in ADIP 














DVD+R Use VCPS bits in Physical Format Information in ADIP 
first Buffer Zone 2 is not written 

session 
open Buffer Zone 2 is written 

Buffer Zone 2 does not contain VCPS information 

Buffer Zone 2 contains VCPS information” 

DVD+R Use VCPS bits in Physical Format Information in Control 
first — 

session 

closed Buffer Zone 2 does not contain VCPS Information 

Buffer Zone 2 contains VCPS Information ^ ? 

DVD-ROM | Use VCPS bits in Physical Format Information in Control 












































Other Not applicable 




















Table E-2: Currency of the VCPS feature 
Additional Length. The Additional field shall be set to 4. 


E.2 FORMAT UNIT command extensions (deprecated) 


This Annex E.2 has been deprecated. The FORMAT UNIT command does not require VCPS specific 
extensions. 


E.2.1 VCPS Format (deprecated) 
This Annex E.2.1 has been deprecated. 





18 Buffer Zone 2 contains VCPS information if BP 0..7 of Physical Sector Number Ox2FE10 and/or 
Ox2FF10 contain an EKB signature (see also Section 5.4 and Section 6.3.4). 

19 This inconsistent state might occur if the first session on a DVD+R Disc was closed by a recorder 
that is not designed to handle VCPS 
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E.3 REPORT KEY command extensions 


The REPORT KEY command provides a general mechanism for transferring authorization information 
from the Drive to the Host. The Command Descriptor Block has the format defined in Table E-3. If the 
Function Code is a reserved value, the Drive shall terminate the command with CHECK CONDITION 
status. In addition, the Drive shall set sense bytes SK/ASC/ASCQ to ILLEGAL REQUEST/INVALID 
FIELD IN CDB (0x05/0x24/0x00). 


Operation Code 





Reserved 





Starting Offset 





Function Code 





Key Class 





Allocation Length 





Reserved 





Control 





Table E-3: REPORT KEY Command Descriptor Block 
Operation Code. The Operation Code shall be set to 0xA4. 


Reserved. All reserved bytes shall be set to 0x00. 


Starting Offset. The Starting Offset specifies the byte offset from which the information structure 
transfer shall begin. Typically, Starting Offset is zero; however, if the structure is larger than 65535 
bytes, the entire structure may be delivered during the execution of several REPORT KEY commands. 


Function Code. The Function Code specifies the function that the Drive shall perform. The available 
functions are listed in Table E-4. 


Reserved 

DKB 

Device ID 

Key Contribution 

DKB Hash & Unique ID 
DKB Information 























Reserved 











Table E-4: Functions for REPORT KEY 


Key Class. The Key Class shall be set to 0x20. 

Allocation Length. The Allocation Length specifies the maximum number of bytes that a Drive is 
permitted to transfer to the Host. An Allocation Length of zero indicates that no data shall be 
transferred. This condition shall not be considered as an error. 


Control. The Control field shall have its usual meaning as specified in [MMC-4]. 
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E.3.1 REPORT KEY DKB (Function Code 0x01) 


The REPORT KEY DKB command returns the DKB that is contained in Buffer Zone 2. The semantics 
of the REPORT KEY DKB command are as follows (bullet items listed first take precendence over 
bullet items listed later): 

e If the DKB is contained in Buffer Zone 2, the Drive shall return the DKB from Buffer Zone 2, 
and terminate with GOOD status. 

e |f the DKB is contained in the Initial Zone, the Drive shall generate a new Unique ID. In 
addition, the Drive shall write the DKB and the Unique ID in Buffer Zone 2. On a DVD+R Disc, 
the Drive shall write the first ECC Block of the Data Zone as well.? If an unrecoverable error 
occurs while writing, the Drive shall terminate the command with CHECK CONDITION status. 
In addition, the Drive shall set sense bytes SK/ASC/ASCQ to ILLEGAL REQUEST/SYSTEM 
RESOURCE FAILURE (0x05/0x55/0x00). Otherwise, the Drive shall return the DKB, and 
terminate with GOOD status. 

e |fthe DKB is contained in the ADIP, and the Drive has completely retrieved the DKB from the 
DKB region in the ADIP, the Drive shall generate a new Unique ID. In addition, the Drive shall 
write the DKB and the Unique ID in Buffer Zone 2. On a DVD+R Disc, the Drive shall write the 
first ECC Block of the Data Zone as well. If an unrecoverable error occurs while writing, the 
Drive shall terminate the command with CHECK CONDITION status. In addition, the Drive 
shall set sense bytes SK/ASC/ASCQ to ILLEGAL REQUEST/SYSTEM RESOURCE FAILURE 
(0x05/0x55/0x00). Otherwise, the Drive shall return the DKB, and terminate with GOOD 
status. 

e Otherwise, the Drive shall terminate the command with CHECK CONDITION status. In 
addition the Drive shall set sense bytes SK/ASC/ASCQ to ILLEGAL REQUEST/SYSTEM 
RESOURCE FAILURE (0x05/0x55/0x00). 

The format of the returned data is defined in Table E-5. 


Data Length 
ata Leng (lsb) 





Reserved 





Padding 





Table E-5: REPORT KEY DKB returned data format 
Reserved. All reserved bytes shall be set to 0x00. 
Data Length. Data Length contains the total number of bytes L + 2 following the Data Length field. 
The Data Length may be less than the Allocation Length in the Command Descriptor Block. This shall 
not be considered as an error. 


DKB. An EKB structure as defined in Section 5.4. 


Padding. Padding bytes may be added such that L is a multiple of 4. All padding bytes shall be set to 
0x00. 





2 Note that the Host will not issue a separate WRITE 10 or WRITE 12 command for this purpose. 
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E.3.2 REPORT KEY Device ID (Function Code 0x02) 


The REPORT KEY Device ID command returns Device ID, of the Drive. The REPORT KEY Device ID 
command provides the functionality of step 1 in the authentication protocol defined in Section 7. The 
Drive shall return Device ID¿ and terminate with GOOD status. If a previous execution of the 
authentication protocol is in progress, the Drive shall abort that previous execution of the 
authentication protocol. The format of the returned data is defined in Table E-6. 


Data Length 





Reserved 


Reserved 





Device ID 





Table E-6: REPORT KEY Device ID returned data format 
Reserved. All reserved bytes shall be set to 0x00. 


Data Length. Data length shall be set to 38. 


Device ID. The Device ID, of the Drive. 
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E.3.8 REPORT KEY Key Contribution (Function Code 0x03) 


The REPORT KEY Key Contribution command returns the key contribution QD of the Drive. The 
REPORT KEY Key Contribution command provides the functionality of step 4 in the authentication 
protocol. The semantics of the REPORT KEY Key Contribution command are as follows: 

e |fthe authentication sequence has been violated, the Drive shall terminate the command with 
CHECK CONDITION status. In addition the Drive shall set sense bytes SK/ASC/ASCQ to 
ILLEGAL REQUEST/COMMAND SEQUENCE ERROR (0x05/0x2C/0x00). A retry of the 
authentication protocol shall start from step 1. 

e Otherwise, the Drive shall return its key contribution QD and terminate with GOOD status. 

The format of the returned data is defined in Table E-7. 


Data Length 
ata Leng (sb) 





Reserved 


Reserved 





Encrypted Random Numbers 1 





Encrypted Drive Key Contribution 





Table E-7: REPORT KEY Drive Key Contribution returned data format 
Reserved. All reserved bytes shall be set to 0x00. 


Data Length. Data length shall be set to 38. 


Encrypted Random Numbers 1. Encrypted Random Numbers 1 contains the random number RA of 
the Host and the random number RD of the Drive, encrypted using the Root Key KR, (see Section 
7) as follows: 


Encrypted Random Numbers 1 = AESEncrypt(KRautn, IV2 O (RA || RD)). 
Here IV2 is a 128-bit licensed constant. 
Encrypted Drive Key Contribution. Encrypted Drive Key Contribution contains the key contribution 
QD of the Drive, encrypted using the Root Key KRautn (see Section 7) as follows: 


Encrypted Drive Key Contribution 
= AESEncrypt(KRautn, QD O Encrypted Random Numbers 1). 
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E.3.4 REPORT KEY DKB Hash & Unique ID (Function Code 0x04) 


The REPORT KEY DKB Hash & Unique ID command returns the DKB hash value and Unique ID. The 
REPORT KEY DKB Hash & Unique ID command provides the functionality of step 8 in the 
authentication protocol. The semantics of the REPORT KEY DKB Hash & Unique ID command are as 
follows: 

e Ifthe authentication sequence has been violated, or if the Drive has aborted the authentication 
protocol in step 7, the Drive shall terminate the command with CHECK CONDITION status. In 
addition the Drive shall set sense bytes SK/ASC/ASCQ to ILLEGAL REQUEST/COMMAND 
SEQUENCE ERROR (0x05/0x2C/0x00). A retry of the authentication protocol shall start from 
step 1. 

e |f the Unique ID has not yet been recorded on the Disc, the Drive shall terminate the 
command with CHECK CONDITION status. In addition, the Drive shall set sense bytes 
SK/ASC/ASCQ to ILLEGAL REQUEST/SYSTEM RESIURCE FAILURE (0X05/0X55/0X00). 

e Otherwise, the Drive shall return the DKB Hash and Unique ID, and terminate with GOOD 
status. 

The format of the returned data is defined in Table E-8. 


Data Length 
ata Leng (sb) 





Reserved 


Reserved 





Encrypted DKB Hash 





Encrypted Unique ID 





Table E-8: REPORT KEY DKB Hash & Unique ID returned data format 
Reserved. All reserved bytes shall be set to 0x00. 


Data Length. Data length shall be set to 38. 


Encrypted DKB Hash. Encrypted DKB Hash contains the DKB hash value, encrypted using the Bus 
Key KB as follows: 
Encrypted DKB Hash = AESEncrypt(KB, IV2 ® DKB Hash). 


Here IV2 is a 128-bit licensed constant. A Drive that has playback-only functionality shall set DKB 
Hash field to all zeros, prior to encryption. A Drive that has recording functionality shall retrieve the 
DKB hash value from the hash region contained in the ADIP (see Section 6.2.3).* 


Encrypted Unique ID. Encrypted Unique ID contains the Unique ID, encrypted using the Bus Key KB 
as follows: 


Encrypted Unique ID = AESEncrypt(KB, (Reserved || Unique ID) & Encrypted DKB Hash). 


Here Reserved represents a string of 88 bits that are set to ‘0’. 





?1 Note that if the mounted media are read-only (and do not contain ADIP structures), the Drive shall 
set the DKB Hash field to all zeros, prior to encryption. 
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E.3.5 REPORT KEY DKB Information (Function Code 0x05) 


The REPORT KEY DKB command returns the information with respect to the DKB. The format of the 
returned data is defined in Table E-9. 


[Pe See aes 


(msb) 


Data Length (isb) 


Reserved 


DKB Size 





DKB Bytes Collected 





Reserved 














Reserved 





Table E-9: REPORT KEY DKB returned data format 
Reserved. All reserved bytes shall be set to 0x00. 


Data Length. Data length shall be set to 14. 
DKB Size. The size in byte of the DKB (Nin Table 5-1).2 


DKB Bytes Collected. The number of DKB bytes that the Drive has collected so far. If the Drive has 
to retrieve the DKB from the DKB region in the ADIP, DKB Bytes Collected may be less than DKB 
Size. If the Drive has to retrieve the DKB from the Initial Zone, DKB Bytes Collected shall be equal to 
DKB Size. If the Drive has to retrieve the DKB from Buffer Zone 2, DKB Bytes Collected shall be equal 
to DKB Size. 


Reserved. All reserved bits shall be set to ‘0’. All reserved bytes shall be set to 0x00. 


DKB_AD. DKB_AD indicates if the Disc contains a DKB in the DKB region in the ADIP, as follows: 
‘0: The Disc does not contain a DKB in the DKB region in the ADIP. 
1”: The Disc contains a DKB in the DKB region in the ADIP. 
DKB_IZ. DKB IZ indicates if the Disc contains a DKB in the Initial Zone, as follows: 
‘0: The Disc does not contain a DKB in the Initial Zone. 
1”: The Disc contains a DKB in the Initial Zone. 
DKB_BZ. DKB_BZ indicates if the Disc contains a DKB in Buffer Zone 2, as follows: 


‘0’: The Disc does not contain a DKB in Buffer Zone 2. 
ss The Disc contains a DKB in Buffer Zone 2. 





2 If the DKB is not contained in the ADIP, the Drive shall read the DKB size from BP 8..11 of the DKB. 
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E.4 SEND KEY command extensions 


The SEND KEY command provides a general mechanism for transferring authorization information 
from the Host to the Drive. The Command Descriptor Block has the format defined in Table E-10. If the 
Function Code is a reserved value, the Drive shall terminate the command with CHECK CONDITION 
status. In addition, the Drive shall set sense bytes SK/ASC/ASCQ to ILLEGAL REQUEST/INVALID 
FIELD IN CDB (0x05/0x24/0x00). 


Operation Code 





Reserved 





Function Code 





Key Class 





Parameter List Length 





Reserved 





Control 





Table E-10: SEND KEY Command Descriptor Block 
Operation Code. The Operation Code shall be set to 0Xa3. 


Reserved. All reserved bytes shall be set to 0x00. 


Function Code. The Function Code specifies the function that the Drive shall perform. The available 
functions are listed in Table E-11. 


Function Code Function 


Reserved 
Authorization Key 
Key Contribution 














Reserved 











Table E-11: Functions for SEND KEY 


Key Class. The Key Class shall be set to 0x20. 

Parameter List Length. The Parameter List Length specifies the number of bytes that the Host will 
transfer to the Drive. A Parameter List Length of zero indicates that no data shall be transferred. This 
condition shall not be considered as an error. 


Control. The Control field shall have its usual meaning as specified in [MMC-4]. 
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E.4.1 SEND KEY Authorization Key (Function Code 0x01) 


The SEND KEY Authorization Key command sends the Authorization Key Kax of the Drive. The SEND 
KEY Application Key command provides the functionality of step 2 in the authentication protocol. The 
semantics of the SEND KEY Authorization Key command are as follows: 

e If the authentication sequence has been violated, the Drive shall terminate the command with 
CHECK CONDITION status. In addition the Drive shall set sense bytes SK/ASC/ASCQ to 
ILLEGAL REQUEST/COMMAND SEQUENCE ERROR (0x05/0x2C/0x00). A retry of the 
authentication protocol shall start from step 1. 

e Otherwise, the Drive shall accept the Authorization Key and terminate with GOOD status. 

The format of the parameter data is defined in Table E-12. 


Data Length 
ata Leng (sb) 





Reserved 


Reserved 





Node Key Number 





Host Random Number 





Authorization Key KA, 





Table E-12: SEND KEY Application Key parameter data 
Reserved. All reserved bytes shall be set to 0x00. 
Data Length. Data length shall be set to 34. 
Node Key Number. Node Key Number indicates the Node Key KN; from the set of Node Keys KNg 
that the Drive shall use to obtain the Root Key KRau from the Authorization Key KA,. For this purpose, 
Node Key Number contains the bit position of the Device ID, bit that the Host has last processed in the 
leaf finding algorithm defined in Section 5.2. 
Host Random Number. Host Random Number contains a 64-bit random number. 
Authorization Key KA,. The Authorization Key KA, that the Host has retrieved from the Application 


Key Block AKB that is built-in to the Host, based on the Device ID¿ the Host has obtained from the 
Drive. 


56 © Royal Philips Electronics, April 2006 


System Description VCPS 
Video Content Protection System for the DVD+R/+RW Video Recording Format 
Version 1.34 Annex E 


E.4.2 SEND KEY Key Contribution (Function Code 0x02) 


The SEND KEY Key Contribution command sends the Bus Key KB contribution of the Host. The 
SEND KEY Key Contribution command provides the functionality of steps 6 and 7 in the authentication 
protocol. The semantics of the SEND KEY Key Contribution command are as follows (bullet items 
listed first take precendence over bullet items listed later): 

e If the authentication sequence has been violated, the Drive shall terminate the command with 
CHECK CONDITION status. In addition, the Drive shall set sense bytes SK/ASC/ASCQ to 
ILLEGAL REQUEST/COMMAND SEQUENCE ERROR (0x05/0x2C/0x00). A retry of the 
authentication protocol shall start from step 1. 

e |fthe random number RD of the Drive is not equal to the random number RD that the Drive 
has sent to the Host in the previous REPORT KEY Key Contribution command, the Drive shall 
terminate the command with CHECK CONDITION status. In addition, the Drive shall set 
sense bytes SK/ASC/ASCQ to ILLEGAL REQUEST/COPY PROTECTION KEY EXCHANGE 
FAILURE — AUTHENTICATION FAILURE (0x05/0x6F/0x00). A retry of the authentication 
protocol shall start from step 1. 

e Otherwise, the Drive shall accept the Host Bus Key contribution and terminate with GOOD 
status. 

The format of the parameter data is defined in Table E-13. 


(msb) 


Data Length 
ata Leng (sb) 


Reserved 


Reserved 





Encrypted Random Numbers 2 





Encrypted Host Key Contribution 





Table E-13: SEND KEY Host Key Contribution parameter data 
Reserved. All reserved bytes shall be set to 0x00. 


Data Length. Data length shall be set to 38. 


Encrypted Random Numbers 2. Encrypted Random Numbers contains the random number RD of 
the Drive and the random number RA of the Host, encrypted using the Root Key KRau (see Section 7) 
as follows: 


Encrypted Random Numbers 2 = AESEncrypt(KAauth, IV2 & (RD || RA)). 


Here IV2 is a 128-bit licensed constant. 


Encrypted Host Key Contribution. Encrypted Host Key Contribution contains the key contribution 
QA of the Host, encrypted using the Root Key KRautn (see Section 7) as follows: 


Encrypted Host Key Contribution = AESEncrypt(KRautn, QA ® Encrypted Random Numbers 2). 
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E.5 Use cases 


This Annex E.5 provides an overview of the command sequences that a Host should issue to record 
or render Protected Video Recordings. 


E.5.1 Authentication with a Drive 
The Host should issue a REPORT KEY Device ID command to obtain Device ID4. 


The Host should retrieve the Authorization Key AK, from the AKB built-in to the Host. In addition, the 
Host should generate a random number RA. The Host should issue a SEND KEY Authorization Key 
command to send this information to the Drive. 


The Host should issue a REPORT KEY Key Contribution command to obtain the key contribution QD 
of the Drive. Prior to accepting the key contribution QD of the Drive, the Host should verify that the 
Drive has returned the correct random number RA. 


The Host should issue a SEND KEY Key Contribution command to send its own key contribution QA 
to the Drive. With its key contribution QA, the Host should include the random number RD it has 
received from the Drive. 


The Host should issue a REPORT KEY DKB Hash and Unique ID command to retrieve the DKB hash 
value and Unique ID from the Drive, which will be used to calculate the Unique Key KU for Protected 
Video Recordings on the Disc. 


If any of the commands issued during authentication results in an error, the Host should retry the 
authentication protocol with a REPORT KEY Device ID command. 


Note that the Host may execute the authentication protocol multiple times. The Drive will always 
accept a REPORT KEY Device ID. The Drive will interpret this command as a start of (a new 
execution of) the authentication protocol, i.e. the Drive will reset its internal authentication state. If 
another execution of the authentication protocol was in progress, that execution will be abandoned. 


E.5.2 First Protected Video Recording on DVD+R/+RW media 
The Host should issue a GET CONFIGURATION command to check that the Drive and media support 
Protected Video Recordings (i.e. the VCPS feature is current). 


The Host should issue a REPORT KEY DKB Information command to check if the DKB is already 
available. If the Drive has to retrieve the DKB from the DKB region in the ADIP, the Drive returns the 
number of bytes of the DKB that has been retrieved so far. This enables the Host to estimate after 
how much time the DKB will be available. 


The Host may start recording a Protected Video Recording, while the Drive still is collecting the DKB. 
In the meantime, the Host may poll the Drive using a REPORT KEY DKB Information command to 
check on the availability of the DKB. 


The Host should issue a REPORT KEY DKB command to retrieve the DKB from the Disc. This will 
cause the Drive to write the DKB in Buffer Zone 2. 


The Host should authenticate with the Drive. See Annex E.5.1. 


The Host should verify that the DKB is consistent with the DKB Hash obtained in the final step of the 
authentication sequence. If the DKB is not consistent with the DKB Hash, the Host should refrain from 
making Protected Video Recordings. 


The Host should use the DKB and the Unique ID to calculate the Disc Key KD of the Disc, and store 
the encrypted Unique Key KU on the Disc. 


The Host may continue or start to record a new Protected Video Recording. 
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E.5.3 Additional Protected Video Recordings 


The Host should parse the file VIDEO RM.IFO (or VIDEO RK.IFO) to determine that the Disc 
contains Protected Video Recordings. See also [DVD-* VR], and optionally [DVD+VRR]. 


The Host should issue a GET CONFIGURATION command to check that the Drive supports Protected 
Video Recordings (i.e. the VCPS feature is current). 


The Host should issue a REPORT KEY DKB command to retrieve the DKB from the Disc. 
The Host should authenticate with the Drive. See Annex E.5.1. 


The Host should verify that the DKB is consistent with the DKB Hash obtained in the final step of the 
authentication sequence. If the DKB is not consistent with the DKB Hash, the Host should refrain from 
making Protected Video Recordings. 


The Host should use the DKB and the Unique ID to calculate the Disc Key KD of the Disc, and retrieve 
the encrypted Unique Key KU from the Disc. 


The Host may start to record a new Protected Video Recording 


E.5.4 Playback of Protected Video Recordings 


The Host should parse the file VIDEO RM.IFO (or VIDEO RK.IFO) to determine that the Disc 
contains Protected Video Recordings. See also [DVD-* VR], and optionally [DVD+VRR]. 


The Host should issue a GET CONFIGURATION command to check that the Drive supports Protected 
Video Recordings (i.e. the VCPS feature is current). 


The Host should issue a REPORT KEY DKB command to retrieve the DKB from the Disc. 
The Host should authenticate with the Drive. See Annex E.5.1. 


The Host should use the DKB and the Unique ID to calculate the Disc Key KD of the Disc, and retrieve 
the encrypted Unique Key KU from the Disc. 


The Host may start to render a Protected Video Recording. 
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AnnexF Extended Format Information (Informative) 


The specifications in this Annex F are included by reference only, and will be included in an upcoming 
release of the DVD+R/+RW basic format specifications. 


F.1 Extended Format Information 


The Extended Format Information consists of a table of contents (EFI TOC) and up to 16 distinct 
regions that contain additional format information. The EFI TOC defines the location and contents of 
the regions contained in the Extended Format Information. See Annex F.1.1. The EFI TOC shall be 
stored in the AUX data bytes of the ADIP words in the Data Zone, starting at the ADIP word that has 
Physical Address 0x0C000. The regions of the Extended Format Information shall be located in the 
AUX data bytes of the ADIP words in the Data Zone and/or shall be present as pre-recorded areas in 
the main data channel. Each region contains one or more copies of a data block of a particular type, 
as indicated in the EFI TOC. 

Figure F-1 schematically shows an example lay-out of the EFI TOC and the VCPS-defined regions 
that are contained in the AUX data bytes of the ADIP word in the Data Zone. The EFI TOC consists of 
8 consecutive copies of an ETOC block, where each ETOC block contains the complete EFI TOC 
information (see Annex F.1.1). The VCPS-defined hash region contains one or more copies of the 
DKB hash value, as specified in the EFI TOC. The VCPS-defined DKB region contains one or more 
copies of the DKB, as specified in the EFI TOC. Gaps may exist between any two regions. All AUX 
data bytes of the ADIP words in the gaps shall be set to 0x00. 









































0x0C000 0x0C800 
y 
N bytes 
DKB DKB Jes 
16 bytes 
l # of copies specified in EFI TOC 
hash hash | =v hash 
E d 
256 bytes of copies specified in EFI TOC 
ETOC | ETOC ee ETOC | 
~v- 
8 copies 


Figure F-1: Example lay-out of the Extended Format Information in the ADIP 
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F.1.1 EFI TOC 


The EFI TOC starts at the ADIP word that has Physical Address Ox0C000. The length of the EFI TOC 
is 2048 consecutive ADIP words. As shown in Figure F-1, the EFI TOC consists of 8 consecutive 
copies of an ETOC block. The ETOC block consists of at most 16 Region Descriptors, as defined in 
Table F-1. The combined size of all Region Descriptors contained in the ETOC block shall be no more 
than 256 bytes. Unused Region Descriptors shall be set to all zeros, such that the size of the ETOC 
block is exactly 256 bytes. 


Bit 
[O A O AA 
[0 


Region Descriptor #1 


Region Descriptor #2 


Region Descriptor #n 





Table F-1: ETOC 


Region Descriptor #n. Region Descriptor #n contains information with respect to the n-th region of 
the Extended Format Information (1 < n < 16). A Region Descriptor consists of a Basic Region 
Descriptor followed by zero or more Extended Region Descriptors. The format of a Basic Region 
Descriptor is defined in Table F-2. The format of an Extended Region Descriptor is defined in Table 
F-3. 


Region Type Identifier 








Version Number 
Region Start Address 





(Isb) 





Data Block Size 
(Isb) 





Repeat Count 
Reserved Private 











Alternative Location 


(Isb) 





Table F-2: Basic Region Descriptor 
Region Type Identifier. The type of the data block that is contained in the region. Data blocks stored 
in different regions having the same Region Type Identifier shall be identical. 
Extent. The Extent bit shall indicate if this Basic Region Descriptor is followed by an Extended Region 
Descriptor, as follows: 


‘0: This Basic Region Descriptor is not followed by an Extended Region Descriptor. 
"d This Basic Region Descriptor is followed by an Extended Region Descriptor. 
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Version Number. The revision of the data block type that is contained in the region. 


Region Start Address. If the data block is stored in the AUX data bytes of the ADIP, the Region Start 
Address is given as the Physical Address of the ADIP word that contains the first byte of the data 
block, divided by 256. Region Start Address shall be greater than or equal to 0x00C8. On a dual layer 
Disc, Region Start Address may be located in the second layer. If the data block is not stored in the 
AUX data bytes of the ADIP, the Region Start Address shall be zero. In that case the Alternative 
Location shall be non-zero and specify the location of the data block in the main data channel. 


Data Block Size. The size in bytes of a single copy of the data block in the region. On a dual layer 
Disc, Data Block Size shall be such that the entire data block is contained in a single layer only. Data 
Block Size shall be set to zero if the data block is not contained in the AUX data bytes of the ADIP. 


Repeat Count. The number of consecutive copies of the data block that are contained in the region. If 
the data block is stored in the AUX data bytes of the ADIP and the region extends through the end of 
the Disc, Repeat Count shall be set to 0. Repeat Count shall be set to zero if the data block is not 
contained in the AUX data bytes of the ADIP. 


Reserved. All reserved bits shall be set to ‘0’. 


Private. The Private bit shall indicate if a Drive is permitted to output the contents of the region, as 
follows: 


‘0: A Drive is permitted to output the contents of the region. 
‘1: A Drive is not permitted to output the contents of the region. 


Alternative Location. In addition to, or alternative to storage in the AUX data bytes of the ADIP, the 
data block may be stored in a contiguous area of the main data channel. In that case, the Alternative 
Location specifies the location of the first Physical Sector Number in the main data channel that 
contains one or more copies of the data block. Otherwise, Alternative Location shall be set to zero. 
Note that the format of the data block as contained in the main data channel may be different from the 
format of the data block as contained in the AUX data bytes of the ADIP. 


Bit 
HET NN 


(msb) 


Region Type Identifier 








Extent Version Number 





Reserved 





Table F-3: Extended Region Descriptor 
Region Type Identifier. Region Type Identifier shall be identical to the the Region Type Identifier 
contained in the preceding Basic Region Descriptor. 
Extent. The Extent bit shall indicate if this Extended Region Descriptor is followed by another 
Extended Region Descriptor, as follows: 
‘0: This Extended Region Descriptor is not followed by an Extended Region Descriptor. 
ie This Extended Region Descriptor is followed by an Extended Region Descriptor. 


Version Number. Version Number shall be identical to the the Version Number contained in the 
preceding Basic Region Descriptor. 


Reserved. All reserved bytes shall be set to 0x00. 
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Annex G Supplementary navigation (Normative) 


A Disc that contains Protected Video Recordings should not cause problems when it is played with a 
DVD player that does not support VCPS. To improve compatibility with such DVD players this Annex 
G provides additional DVD-Video navigation structures. These additional navigation structures are 
contained in the data structures in the DVD-Video zone. 

In order to prevent playback of Protected Video Recordings on DVD players that do not support 
VCPS, it is recommended that a Recorder does not include any Protected Video Recording in the 
DVD-Video navigation structures on a Disc. It is recommended that a Recorder uses the additional 
navigation structures defined in this Annex G. In that case, the Recorder shall include both the 
Protected Video Recordings and any other video recordings in these additional navigation structures. 
If the additional navigation structures defined in this Annex G are present on a Disc, a Player shall 
make use of these additional structures in order to play the entire content of the Disc.” 


G.1 Video Manager Information (VMGI) 


This Annex G.1 provides extensions to [DVD-Video], Section 4.1, Video Manager Information (VMGI), 
and Section 4.1.1, Video Manager Information Management Table (VMGI_MAT). 


G.1.1 Extended VMGI 


The Extended VMGI contains four new optional structures appended to the VMGI, see Table G-1. 
These are the VCPS Title Search Pointer Table (VCPS_TT_SRPT), the VCPS Video Manager Menu 
PGCI Unit Table (VCPS_VMGM_PGCI_UT), the VCPS Parental Management Information Table 
(VCPS_PTL_MAIT), and the VCPS Text Data Manager (VCPS_TXTDT_MG). 

If present, a Player should use these optional structures together with an additional VCPS First Play 
PGCI (VCPS_FP_PGCI) structure (see Annex G.1.2), instead of the corresponding structures in the 
original VMGI. 





VCPS Title Search Pointer Table 
(VCPS_TT_SRPT) 
(Optional) 
VCPS Video Manager Menu PGCI Unit Table 
(VCPS_VMGM_PGCI_UT) 





(Optional) 
VCPS Parental Management Information Table 
(VCPS_PTL_MAIT) 
(Optional) 


VCPS Text Data Manager 
(VCPS_TXTDT_MG) 


(Optional) 





Table G-1: Extended VMGI 





? DVD players that do not support VCPS will continue to make use of the standard DVD-Video 
navigation structures, and thus will not notice the presence of Protected Video recordings on the Disc. 
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VMGI. See [DVD-Video], Section 4.1, Video Manager Information (VMGI). In addition, see Annex 
G.1.2 for a number of fields that have been added or redefined in the Video Manage Information Table 
(VMGI_MAT) contained in the VMGI. 


VCPS Title Search Pointer Table (VCPS_TT_SRPT). This structure is identical in format to the Title 
Search Pointer Table defined in [DVD-Video], Section 4.1.2, Title Search Pointer Table (TT_SRPT). 
The VCPS Title Search Pointer Table (VCPS_TT_SRPT) describes all Title Units contained in the 
VCPS_VTS_PTT_SRPTs (see Annex G.2.1) in all video title sets under the VIDEO_TS directory. If the 
field VCPS_VTS_PTT_SPRT_SA (see Annex G.2.2) contains 0x00000000 for a video title set, the 
VCPS Title Search Pointer Table (VCPS TT SRPT) shall also describe all Title Units contained in the 
DVD-Video VTS PTT SRPT equivalent, as defined in [DVD-Video], Section 4.2.2, Video Title Set 
Part of Title Search Pointer Table (VTS PTT SRPT). 





VCPS Video Manager Menu PGCI Unit Table (VCPS VMGM PGCI UT). This structure is identical 
in format to the Video Manager Menu PGCI Unit Table (VMGM PGCI UT) defined in [DVD-Video], 
Section 4.1.3, Video Manager Menu Program Chain Information Unit Table (VMGM PGCI UT). 


VCPS Parental Management Information Table (VCPS PTL MAIT). This structure is identical in 
format to the Parental Management Information Table (PTL MAIT) defined in [DVD-Video], Section 
4.1.4, Parental Mangement Information Table (PTL MAIT). 


VCPS Text Data Manager (VCPS TXTDT MG). This structure is identical in format to the Text Data 
Manager (TXTDT MG) defined in [DVD-Video], Section 4.1.6, Text Data Manager (TXTDT MG). 


G.1.2 Video Manager Information Table (VMGI MAT) 


In order to allow the optional structures defined in Section G.1 to be added, some of the reserved 
fields in the Video Manager Information Table (VMGI MAT) have been redefined. In addition, the 
definition of some fields has been modified. See Table G-2. 


Relative Contents Number 
Byte of bytes 
Position 














16 to 19 VCPS ID VCPS Identifier 4 bytes 
20 to 27 Reserved Reserved 8 bytes 
28 to 31 VMGI EA End address of VMGI 4 bytes 
136 to 139 | VCPS VMGI MAT EA End address of VMGI MAT including the | 4 bytes 
BENE Yope pe UE 
140 to 143 4 bytes 
144 to 191 48 bytes 
224 to 227 4 bytes 








228 to 231 4 bytes 
232 to 235 4 bytes 
236 to 239 4 bytes 
240 to 255 | Reserved | | |  |16bytes 


1024-2292 to | VCPS FP PGCI VCPS First Play PGCI 0 or (236 to 
3559 (max) uA bytes 


Table G-2: Redefinition of selected fields in VMGI MAT 


VCPS ID. VCPS_ID shall be set to 0x56435053 (the encoding of the characters "VCPS" according to 
[ISO 646]) to identify that this is an Extended VMGI structure that also contains VCPS information. 





% Note that the definition of the field VMGI MAT EA as defined in [DVD-Video], Section 4.1.1, Video 
Manager Information Management Table (VMG MAT), is not changed. VGMI-MAT EA contains the 
end address of the VMGI MAT structure, excluding the VCPS First Play PGCI (VCPS FP PGCI) 
structure. The length of the FP PGCI structure can be calculated using the FP PGCI SA field and the 
VMGI MAT EA field 
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VMGI_EA. Contains the end address of the Extended VMGI. 


VCPS_VMGI_MAT_EA. Contains the end address of the VMGI MAT structure with relative byte 
number from the first byte of this VMGI_MAT structure including the VCPS First Play PGCI 
(VCPS FP PGCI) structure. The length of the VCPS FP PGCI structure can be calculated using the 
VCPS FP PGCI SA field and the VCOPS VMGI MAT EA field. 


VCPS FP PGCI SA. Contains the start address of the VCPS FP PGCI structure with relative byte 
number from the first byte of this VMGI MAT structure. If a VCPS FP PGCI structure is not present 
and the FP PGCI equivalent should be used instead, VCPS FP PGCI SA shall be set to 
0x00000000. If a VCPS FP PGCI structure is not present and the FP PGCI equivalent should not be 
used, VCPS FP PGCI SA shall be set to OXffffffff. 


VCPS TT SRPT SA. Contains the start address of the VCPS TT SRPT structure with relative 
logical block number from the first logical block of this Extended VMGI structure. If a VCPS TT SRPT 
structure is not present, VCPS TT SRPT SA shall be set to 0x00000000. This means that the 
TT SRPT equivalent should be used. 


VCPS VMGM PGCI UT SA. Contains the start address of the VCPS VMGM PGCI UT structure 
with relative logical block number from the first logical block of this Extended VMGI. If a 
VCPS VMGM PGCI UT structure is not present and the VMGM PGCI UT equivalent should be 
used instead, VOPS VMGM PGCI UT SA shall be set to 0x00000000. If a VCPS VMGM PGCI UT 
structure is not present and the VMGM PGCI UT equivalent should not be used, 
VCPS VMGM PGCI UT SA shall be set to OXffffffff. 

















VCPS PTL MAIT SA. Contains the start address of the VCPS PTL MAIT structure with relative 
logical block number from the first logical block of this Extended VMGI. If a VCPS PTL MAIT 
structure is not present and the PTL MAIT equivalent should be used instead, VCPS PTL MAIT SA 
shall be set to 0x00000000. If a VCPS PTL MAIT structure is not present and the PTL MAIT 
equivalent should not be used, VCPS PTL MAIT SA shall be set to OXffffffff. 


VCPS TXTDT MG SA. Contains the start address of the VCPS TXTDT MG structure with relative 
logical block number from the first logical block of this Extended VMGI. If a VCPS  TXTDT MG 
structure is not present and the TXTDT MG equivalent should be used instead, 
VCPS TXTDT MG SA shall be set to 0x00000000. If a VCPS TXTDT MG structure is not present 
and the TXTDT MG equivalent should not be used, VCPS TXTDT MG SA shall be set to OXTfffffff. 


VCPS FP PGCI. Contains the VCPS First Play PGCI structure, which has the same structure as the 
First Play PGCI (FP. PGCI) defined in [DVD-Video], Section, 4.3, Program Chain Information (PGCI). 
VCPS FP PGCI shall start directly after the First Play PGCI (FP. PGCI). If the FP PGCI structure is 
not present, the VCPS FP PGCI shall start at relative byte position 1024 (if it is present). 
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G.2 Video Title Set Information (VTSI) 


This G.2 provides extensions to [DVD-Video], Section 4.2, Video Title Set Information (VTSI), and 
Section 4.2.1, Video Title Set Information Management Table (VTSI_MAT). 


G.2.1 Extended VTSI 


The Extended VTSI contains four new optional structures appended to the VTSI, see Table G-3. 
These are the VCPS Video Title Set Part_of_Title Search Pointer Table (VCPS_VTS_PTT_SRPT), 
VCPS Video Title Set Program Chain Information Table (VCPS_VTS_PGCIT), VCPS Video Title Set 
Menu PGCI Unit Table (VCPS_VTSM_PGCI_UT), and the VCPS Video Title Set Time Map Table 
(VCPS VTS TMAPT). 

For DVD-Video, a video title set shall contain at least one program chain that contains at least one 
cell. A cell that contains encrypted AV Packs shall be hidden for playback DVD players that do not 
support VCPS either by not including it in any program chain or by implementing a navigation 
command that directly navigates away from the current program chain (e.g. a jump to the video 
manager title menu). Note that if all cells in a video title set contain encrypted AV Packs, there still 
must be at least one program chain for playback on DVD players that do not support VCPS. Further 
note that it is possible to add an extra cell that does not contain encrypted AV Packs, which can for 
example contain a still picture with a message to indicate that the title cannot be played on DVD 
players that do not support VCPS. 


VCPS Video Title Set Part of Title Search Pointer Table 
(VCPS VTS PTT SRPT) 
(Optional) 
VCPS Video Title Set Program Chain Information Table 
(VCPS VTS PGCIT) 
(Optional) 
VCPS Video Title Set Menu PGCI Unit Table 
(VCPS VTSM PGCI UT) 
(Optional) 


VCPS Video Title Set Time Map Table 
(VCPS VTS TMAPT) 





(Optional) 


Table G-3: Extended VTSI 


VTSI. See [DVD-Video], Section 4.2, Video Title Set Information. In addition, see Annex G.2.2 for a 
number of fields that have been added or redefined in the Video Title Set Management Table 
(VTSI. MAT) contained in the VTSI. 


VCPS Video Title Set Part of Title Search Pointer Table (VCPS VTS PTT SRPT). This structure 
is identical in format to the Video Title Set Part of Title Search Pointer Table (VTS PTT SRPT) 
defined in [DVD-Video], Section 4.2.2, Video Title Set Part of Title Search Pointer Table 
(VTS PTT SRPT). In the case that for a video title set the VCPS VTS PTT. SRPT structure is 
present (the VCPS VTS PTT SPRT SA in VTSI MAT does not contain 0x00000000, see Annex 
G.2.2), this table shall contain search pointers for all the Title Units and Part of Titles in this VTS. 
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VCPS Video Title Set Program Chain Information Table (VCPS_VTS_PGCIT). This structure is 
identical in format to the Video Title Set Program Chain Information Table (VTS_PGCIT) defined in 
[DVD-Video], Section 4.2.3, Video Title Set Program Chain Information Table (VTS_PGCIT). 


VCPS Video Title Set Menu PGCI Unit Table (VCPS_VTSM_PGCI_UT). This structure is identical in 
format to the Video Title Set Menu PGCI Unit Table (VTSM_PGCI_UT) defined in [DVD-Video], 
Section 4.3.4, Video Title Set Menu Program Chain Information Unit Table (VTSM_PGCI_UT). 


VCPS Video Title Set Time Map Table (VCPS_VTS_TMAPT). This structure is identical in format to 
the Video Title Set Time Map Table (VTS_TMAPT) defined in [DVD-Video], Section 4.2.5, Video Title 
Set Time Map Table (VTS_TMAPT). 


G.2.2 Video Title Set Information Management Table (VTSI_MAT) 


In order to allow the optional structures defined in Section G.2.1 to be added, some of the reserved 
fields in the Video Title Set Management Table (VTSI_MAT) have been redefined. In addition, the 
definition of some fields has been modified. See Table G-4. 













Relative Contents Number 
Byte of bytes 
Position 







16 to 19 
20 to 27 
28 to 31 
232 to 235 
236 to 239 
240 to 243 
244 to 247 
248 to 255 


Table G-4: Redefinition of selected fields in VTSI MAT 


VCPS ID. VCPS D shall be set to 0x56435053 (the encoding of the characters "VCPS" according to 
[ISO 646]) to identify that this is an Extended VMGI structure that also contains VCPS information. 































4 bytes 
4 bytes 
4 bytes 
4 bytes 

















VTSI EA. Contains the end address of the Extended VTSI 


VCPS VTS PTT SRPT SA. Contains the start address of the VOPS VTS PTT SRPT structure with 
relative logical block number from the first logical block of this Extended VTSI structure. If a 
VCPS VTS PTT SRPT structure is not present, VCPS VTS PTT SRPT SA shall be set to 
0x00000000. This means that the VTS PTT SRPT equivalent should be used. 





VCPS VTS PGCIT SA. Contains the start address of the VCPS VTS PGCIT structure with relative 
logical block number from the first logical block of this Extended VTSI structure. If a 
VCPS VTS PGCIT structure is not present, VCPS VTS PGCIT SA shall be set to 0x00000000. This 
means that the VTS PGCIT equivalent should be used. 


VCPS VTSM PGCI UT SA. Contains the start address of the VCOPS VTSM PGCI UT structure with 
relative logical block number from the first logical block of this Extended VTSI structure. If a 
VCPS VTSM PGCI UT is not present and the VTSM PGCI UT equivalent should be used instead, 
VCPS VTSM PGCI UT SA shall be set to 0x00000000. If a VCPS VTSM PGCI UT is not present 
and the VTSM PGCI UT equivalent should not be used, VCPS VTSM PGCI UT SA shall be set to 
OXTFffffff. 
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VCPS_VTS_TMAPT_SA. Contains the start address of the VCPS_VTS_TMAPT structure with relative 
logical block number from the first logical block of this Extended VTSI structure. If a 
VCPS VTS TMAPT structure us not present and the VTS TMAPT equivalent should be used 
instead, VCPS VTS TMAPT shall be set to 0x00000000. If a VCPS VTS TMAPT structure is not 


present and the VTS TMAPT equivalent should not be used, VCPS VTS TMAPT SA shall be set to 
OXTfffffff. 
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Annex H History of changes (Informative) 


The most important changes from version 1.2 of the System Description VCPS to this version 1.34 of 
the System Description VCPS are the following: 


The definition of the VCPS bit has been modified, and an additional bit has been added to the 
Physical Format Information. These changes are necessary in order to avoid that recorders, 
which do not support VCPS, store inconsistent information in the Lead-in. 

Whenever the DKB and Unique ID are written in Buffer Zone 2 on a DVD+R Disc, the first 
ECC block in Data Zone must be written as well, in order to prevent overwrites by recorders 
that do not support VCPS. 

The use of a version of the DVD+R/+RW Video Format Specifications that support copy 
protection has been made mandatory. 

Support for DVD+VR video format on DVD+R media has been added explicitly. 

The headers of the SEND KEY parameter data and the REPORT KEY returned data of the 
Drive commands in Annex E have been modified to follow the revised MMC specification. 

A set of supplementary navigation structures has been added (Annex G), which should be 
used so as to prevent playback of encrypted video on players that do not support VCPS. 


The history of changes of previous versions of the System Decription VCPS has been removed. 


Table H-1 below provides a detailed list of the changes. Unless indicated otherwise, references to 
Sections, Tables, and Figures pertain to this version 1.34 of the System Description VCPS. 





























Location Change Comment 
Section 1.1 "recorded in ... format" Clarification; both DVD+VR video 
— “recorded on ... format” format and DVD-Video format 
are supported 
“VCPS-enabled video recorder” Editorial 
> “VCPS-enabled recorder" 
Section 1.3 “DVD+RW 4.7 Gbytes, Video” Editorial 
— “DVD+RW, Video 
DVD+VRR Reference added 
Section 1.4 “[DVD+VR] plus this" Support for DVD+VR video format 
Protected Video > “[DVD+VR] plus optionally on DVD+R media 
Format [DVD+VRR] plus this” 
Section 2.1 “plus [DVD+VR], which” Support for DVD+VR video format 
— “plus [DVD+VR plus on DVD+R media 
optionally [DVD+VRR], which” 
Figure 4-1 RNG boxes added for Unique ID Clarification 
and Unique Key KU 
Section 4.2.1 Added footnote Clarification 
Disc Key KD 
AV Pack “Stream ID field in the encrypted” Clarification 





— “Stream ID field in the first 
packet header in the encrypted” 

















Section 5.4 “M— 1 = 298 +” > “M — 1 = 289 +” Correction 
Section 6.2.1 “VCPS bit” — “VCPS bits” Fix to prevent inconsistent Discs 
“Bit 5 ... shall be set to '0"" Added; fix to prevent inconsistent 
Discs 
Section 6.3.1 “VCPS bit” — “VCPS bits” Fix to prevent inconsistent Discs 
"Bit 6 in* — “Bit 6 in ... Bit 5 in" Fix to prevent inconsistent Discs 
Footnote Added Non VCPS Recorders may handle 

















VCPS bits incorrectly 
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Annex H Version 1.34 
Location Change Comment 
Section 6.3.2 “pre-recorded DKB is” Editorial 
— “pre-recorded DKB Area is” 
“ECC Block boundary.” Clarification 
>” ECC Block boundary. ... be 
identical” 
Table 6-3 “Pre-recorded DKB” Editorial 
—^Pre-recorded DKB Area" 
Section 6.3.4 "store two copies" Clarification 
— “store two identical copies" 
Footnotes Added Fix to prevent potential data loss on 
DVD+R Discs 
Section 6.4.1 “shall store, amongst others, the” Editorial 
— “shall store the” 
PCI_PKT “If applicable,” Clarification 
— “If the ... in [DVD+VR],” 
CGMS 1/2 Footnote modified and moved Clarification for [DVD+VR] video 
format; fix consistency between 
[DVD+VR] video format and 
[DVD-Video] format 
EPN 1/2 Footnote modified and moved Clarification for [DVD+VR] video 
format; fix consistency between 
[DVD+VR] video format and 
[DVD-Video] format 
New PK “The New PK bit ... that preceding Clarification 
extended NV_PCK.” 
— “The New PK bit ... value.” 
Section 6.4.2 “[DVD+VR], Video” Editorial 
— [DVD+VR], Section 4, Video” 
“(VRMI), see” Support for DVD+VR video format 
> “(VRMI), ..., see” on DVD+R media 
Footnote added Clarification 
Table 6-8 VERN field added Mandatory use of versions of 


[DVD+VR] and [DVD+VRR] 
that support copy protection 





Section 6.4.2.1 


Added 


Mandatory use of versions of 











VERN [DVD+VR] and [DVD+VRR] 
that support copy protection 
CP_METHOD Footnote added Clarification 
Table 6-11 “All other” Clarification 
— “All other audio types” 
Section 7 Added Fix to prevent potential data loss on 
footnote DVD+R Discs 


(version 1.2) 





“On a blank Disc ... Section 4.2.1).” 


Deleted; fix to prevent potential 
data loss on DVD+R Discs 




















Step 8 “read the DKB hash value” Editorial 
— “read the DKB Hash value” 
"set to '0'." Clarification 
—>” set to ‘0’. ... Unique ID." 
Annex D.1 "In addition, a Recorder" Clarification 
— “For this purpose, a 
Recorder" 
"Note that ... background process)” | Added; clarification 
Figure D-1 — Various clarifications 
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Version 1.34 Annex H 
Location Change Comment 
Annex D.2 In addition, a Player” Clarification 
— “For this purpose, a Player” 
“VCPS bit (bit 6* Fix to prevent inconsistent Discs 
— “VCPS bits (bit 5 and bit 6” 
“Note that ...Drive Commands.” Added; clarificarion 
Footnote “from bit 6 in" — “from bit 5 in" Fix to prevent inconsistent Discs 
Figure D-2 — Various clarifications 
Annex E.1 “and/or from bit 6“ Fix to prevent inconsistent Discs 
— “and/or from bit 5 and bit 6” 
Current “See also Table E-2” Added; clarification 


Additional Length 


2" footnote 
3" footnote 


"Additional Length ... set to 4." 
“from bit 6 in” — "from bit 5 in” 
Added 


Added; clarification 

Fix to prevent inconsistent Discs 

Inconsisten Discs cannot be 
prevented completely 




















Annex E.3 "If the Function Code... Added; clarification 
(0x05/0x24/0x00).” 
Table E-2 Added Clarification 
Table E-5 Data Length and Reserved fields in | Revision of MMC specification 
header swapped 
Annex E.3.1 “Buffer Zone 2. If an” Prevent potential data loss on 
2™ bullet > "Buffer Zone 2. ... If an" DVD+R Discs 
“while writing the DKB, the Drive” Editorial 
— “while writing, the Drive” 
3" bullet “Buffer Zone 2. If an” Prevent potential data loss on 


Data Length 


— "Buffer Zone 2. ... If an” 


DVD+R Discs 





“while writing the DKB, the Drive” 
— “while writing, the Drive” 


Editorial 





“Lin the returned data” following" 
> ”L + 2 following" 


Revision of MMC specification 























Padding “such that the Data Length L” Revision of MMC specification 
> "such that L” 
Table E-6 Data Length and Reserved fields in | Revision of MMC specification 
header swapped 
Annex E.3.2 “shall be set to 36” Revision of MMC specification 
Data Length > "shall be set to 38” 
Table E-7 Data Length and Reserved fields in | Revision of MMC specification 
header swapped 
Annex E.3.3 “shall be set to 36” Revision of MMC specification 
Data Length > "shall be set to 38” 
Table E-8 Data Length and Reserved fields in | Revision of MMC specification 
header swapped 
Annex E.3.4 “shall be set to 36” Revision of MMC specification 


Data Length 


— "shall be set to 38” 





“If the Unique ID ... 
(0x05/0x55/0x00).” 


Added; DKB must be retrieved prior 
to last step of authentication 




















Table E-9 Data Length and Reserved fields in | Revision of MMC specification 
header swapped 
Annex E.3.5 “shall be set to 12” Revision of MMC specification 
Data Length > "shall be set to 14” 
DKB Size Footnote added Clarification 
Annex E.4 “If the Function Code ... Added, clarification 
(0x05/0x24/0x00).” 
Table E-12 Data Length and Reserved fields in | Revision of MMC specification 





header swapped 
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Location Change Comment 
Annex E.4.1 “shall be set to 32” Revision of MMC specification 
Data Length — "shall be set to 34” 
Table E-13 Data Length and Reserved fields in | Revision of MMC specification 
header swapped 
Annex E.4.2 “shall be set to 36” Revision of MMC specification 
Data Length > "shall be set to 38” 
Annex E.5.2 "tha still ...retrieved.” Correction 
> “that has been ... so far.” 
“The Host should verify ... Clarification 
Protected Video Recordings.” 
Annex E.5.3 “See also [DVD+VR].” Support for [DVD+VR] video format 
—"See also ... [DVD+VRR].” on DVD+R media 
Annex E.5.4 “See also [DVD+VR].” Support for [DVD+VR] video format 
—"See also ... [DVD*VRR]." on DVD+R media 
"should authenticate ... should use" | Consistency with recording: retrieve 
> “should issue... should use” DKB before authentication. 
Annex G Added Prevent playback problems on 
players that do not support 
VCPS potected recordings 
Table H-1: Detailed list of changes (continued) 
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